Re: [JDBC] can't access through SSL

[Maz Mohammadi <mmohammadi@xxxxxxxxxxx>]

I still can’t access my SSL enabled server!!!

 

Is root.crt supposed to be an exact copy of server.crt file which I use in my client’s keystore?

 

I have another observation.  As I start the coordinator node, I don’t see any file access to the server.key or server.crt file?  Aren’t these files supposed to be read at start up time or at least when I try to make a connection from my java application?

 

Everything I try create a datasource on tomcat I get the follow error on client and server’s console…

 

FATAL:  connection requires a valid client certificate. 

 

Am I missing something?

 

-maz

 

From: pgsql-jdbc-owner@xxxxxxxxxxxxxx [mailto:pgsql-jdbc-owner@xxxxxxxxxxxxxx] On Behalf Of Maz Mohammadi
Sent: Friday, February 22, 2013 4:33 PM
To: pgsql-jdbc@xxxxxxxxxxxxxx
Subject: Re: [JDBC] can't access through SSL

 

Correction…

 

After double checking the path to java’s keystore file, and correcting it…this is the new error.

 

FATAL:  connection requires a valid client certificate. 

 

Any idea would be greatly appreciated.

 

-maz

 

From: Maz Mohammadi
Sent: Friday, February 22, 2013 3:51 PM
To: 'pgsql-jdbc@xxxxxxxxxxxxxx'
Subject: RE: [JDBC] can't access through SSL

 

Hello,

 

I regenerated some new keys for my postgres server.  I’ve placed them under /var/lib…./coord and shared them with the datanodes as well.

 

After adding the certificates to the keystore for my tomcat java application, I get the following error on my server.

 

LOG:  could not accept SSL connection:  sslv3 alert certificate unkown.

 

I thought I had to use JDBC 3 for this.

 

Any ideas?

 

-maz

 

From: Maz Mohammadi
Sent: Friday, February 22, 2013 3:45 PM
To: pgsql-jdbc@xxxxxxxxxxxxxx
Subject: RE: [JDBC] can't access through SSL

 

Thx,  one step closer.

 

pgsql-jdbc@xxxxxxxxxxxxxx

 

 

From: Vitalii Tymchyshyn [mailto:tivv00@xxxxxxxxx]
Sent: Friday, February 22, 2013 12:56 PM
To: Maz Mohammadi
Cc: pgsql-jdbc@xxxxxxxxxxxxxx
Subject: Re: [JDBC] can't access through SSL

 

Try jdbc:postgresql://localhost:5432/testdb?ssl=true

 

2013/2/22 Maz Mohammadi <mmohammadi@xxxxxxxxxxx>

Hello all,

 

I’m trying to access a postgres database through a java application (tomcat).  This is the only entry I have in pg_hba.conf

 

# TYPE  DATABASE        USER            ADDRESS                 METHOD

hostssl all                           all             127.0.0.1/32            cert

 

and put the certicate (from /var/lib/postre…../coord/server.crt) in the cacerts under $JAVA_HOME/…….

 

This is my jdbc URL….

jdbc:postgresql://localhost:5432/testdb&ssl=true

 

But When I try to create a datasource on tomcat, I get the following error…

“Connection attempt failed: FATAL: no pg_hba.conf entry for host "127.0.0.1", user "progres-xc", database "testdb&ssl=true", SSL off”

 

Any help is greatly appreciated.

 

-maz

 

--
Best regards,
 Vitalii Tymchyshyn