From: | José Carlos Stevenson <postgresql(at)windfinder(dot)com(dot)br> |
---|---|
To: | pgsql-jdbc(at)postgresql(dot)org |
Subject: | Re: SSL Problem |
Date: | 2004-07-16 15:10:16 |
Message-ID: | cd8r3a$18jn$1@news.hub.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-jdbc |
Dear Stefano and Kris,
I've been using JWS to deploy an application that uses postgresql.
I've configured pg to use MD5 for a minimum of security (user and
passwd) - how can I deploy an app that uses SSL WITHOUT having to run
keytool on each machine?
Can I "show" the certificate (self signed) and ask the user if he/she
would like to accept it as valied? Is thera a HOWTO anywhere or some
sample code showing how to do that?
I also have the same problem using LDAP (and OpenLDAP)...
Thanks in advance,
José Carlos Stevenson.
Stefano Bonnin wrote:
> Problem solved.
>
> I copied the certificate that I created on the server to the client and then
> I execute "keytool" on the client.
> So, every time that I install my application on a new PC I have to execute
> keytool operation on that machine.
>
> Thaks for the help.
> RedS
> ----- Original Message -----
> From: "Kris Jurka" <books(at)ejurka(dot)com>
> To: "Stefano Bonnin" <stefano(dot)bonnin(at)comai(dot)to>
> Cc: <pgsql-jdbc(at)postgresql(dot)org>
> Sent: Thursday, July 15, 2004 8:18 PM
> Subject: Re: [JDBC] SSL Problem
>
>
>
>>
>>On Thu, 15 Jul 2004, Stefano Bonnin wrote:
>>
>>
>>>2004-07-15 14:03:40 LOG: could not load root certificate file
>>>"/usr/local/pgsql-7.4.2/bin/../../pgsql-7.4.1/data/root.crt": No such
>
> file
>
>>>or directory
>>>DETAIL: Will not verify client certificates.
>>
>>This is fine. You do not need a root.crt file. This is used to
>>authenticate clients to the server which is optional and not necessary to
>>establish a SSL connection.
>>
>>Again the problem seems to be that you have not made the server cert
>>available to the connecting jvm. Adding -Djavax.net.debug=ssl to your
>>java command will produce a lot of debug information, but will likely
>>confirm this. The key line will be in the first part of the output where
>>it displays which trustStore you are using. The server cert must be in
>>this file.
>>
>>Kris Jurka
>>
>>---------------------------(end of broadcast)---------------------------
>>TIP 5: Have you checked our extensive FAQ?
>>
>> http://www.postgresql.org/docs/faqs/FAQ.html
>>
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
> message can get through to the mailing list cleanly
>
From | Date | Subject | |
---|---|---|---|
Next Message | Kris Jurka | 2004-07-16 17:34:32 | Re: SSL Problem |
Previous Message | Chris Smith | 2004-07-16 13:40:21 | Re: Adding JDK1.5 removing 1.1 support. |