Re: ssl connection issues

On Thu, 13 Sep 2018 at 11:10, Craig Ringer <craig(at)2ndquadrant(dot)com> wrote:

> On 13 September 2018 at 20:23, Gabriele Bulfon <gbulfon(at)sonicle(dot)com>
> wrote:
>
>> Hello,
>>
>> I recently configured Postgresql 9.0.9 with SSL only "on" and all its
>> needed server certificates.
>> I then created the client certificates and started working with them from
>> a windows client.
>>
>> At first I used them with tools like Navicat, just specified the 3 certs
>> files (key,crt and root.crt) in the ssl pane, worked fine.
>>
>> Then I tried with ODBC, placed the files in %APPDATA%/postgresql with
>> correct names (postgresql.key, postgresql.crt, root.crt), created the
>> connection and tested it, worked fine.
>>
>> Last I tried with jdbc, thinking it would have been so easy: I'm fighting
>> for 2 days with lots of different issues.
>> After some messing, I also finally discovered that, different from odbc,
>> it would look for a pk8 file (why this difference?).
>>
>
> AFAIK it's largely historical, and due to now-lifted limitations in JSSE.
>
> You should probably use sslfactory=org.postgresql.ssl.LibPQFactory and
> possibly specify explicit paths for the sslcert and sslkey parameters.
>
> This seems to be undocumented, unfortunately.
>

the default is LibPQFactory and it is fairly well documented.

https://jdbc.postgresql.org/documentation/head/connect.html#connection-parameters

If this is lacking please let me know. I will fix it.

Thanks
Dave Cramer

davec(at)postgresintl(dot)com
www.postgresintl.com

>