Skip site navigation (1) Skip section navigation (2)

Fw: SSL Problem

From: "Stefano Bonnin" <stefano(dot)bonnin(at)comai(dot)to>
To: <pgsql-jdbc(at)postgresql(dot)org>
Subject: Fw: SSL Problem
Date: 2004-07-16 11:00:50
Message-ID: 002a01c46b24$27f1cfd0$0501a8c0@comai04 (view raw or flat)
Thread:
Lists: pgsql-jdbc

 ok the problem is here, the output is the following

 ...
 trustStore is: C:\java\j2sdk1.4.2_03\jre\lib\security\cacerts
 ...

 but now I undestand that I don't undestand nothing about the certificates.
 This is the CLIENT PATH i.e the path of the machine where my java (client)
 application run on. I always operated on the server, never on the client!
 So, if I want a SSL connection between postgres and another PC I have to
 create the certificate and execute

 keytool -keystore /usr/local/j2sdk1.4.2_04/jre/lib/security/cacerts -alias
 postgres -import -file server.crt.der

 on the CLIENT? Or not?

 Thanks


>
> ----- Original Message ----- 
> From: "Kris Jurka" <books(at)ejurka(dot)com>
> To: "Stefano Bonnin" <stefano(dot)bonnin(at)comai(dot)to>
> Cc: <pgsql-jdbc(at)postgresql(dot)org>
> Sent: Thursday, July 15, 2004 8:18 PM
> Subject: Re: [JDBC] SSL Problem
>
>
> >
> >
> > On Thu, 15 Jul 2004, Stefano Bonnin wrote:
> >
> > > 2004-07-15 14:03:40 LOG:  could not load root certificate file
> > > "/usr/local/pgsql-7.4.2/bin/../../pgsql-7.4.1/data/root.crt": No such
> file
> > > or directory
> > > DETAIL:  Will not verify client certificates.
> >
> > This is fine.  You do not need a root.crt file.   This is used to
> > authenticate clients to the server which is optional and not necessary
to
> > establish a SSL connection.
> >
> > Again the problem seems to be that you have not made the server cert
> > available to the connecting jvm.  Adding -Djavax.net.debug=ssl to your
> > java command will produce a lot of debug information, but will likely
> > confirm this.  The key line will be in the first part of the output
where
> > it displays which trustStore you are using.  The server cert must be in
> > this file.
> >
> > Kris Jurka
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 5: Have you checked our extensive FAQ?
> >
> >                http://www.postgresql.org/docs/faqs/FAQ.html
> >
>


pgsql-jdbc by date

Next:From: Stefano BonninDate: 2004-07-16 11:17:47
Subject: Re: SSL Problem
Previous:From: Oliver JowettDate: 2004-07-16 10:50:34
Subject: Re: Adding JDK1.5 removing 1.1 support.

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group