Re: SSL question

On Fri, Feb 01, 2008 at 09:08:23AM -0600, Bronson, Allan B. (Mission Systems) wrote:

> I am trying to create a SSl connection to PostGres using JDBC and am not
> sure if it is working.
>
> I read that you must have openssl on the client machine for the
> connection to take place.

You don't need openssl if you use JDBC since SSL-support is part of
Java and the JDBC-driver will handle the SSL stuff.

I've never used SSL connections though, so this is a bit of guessing on
my side.

> I have turned ssl = on in the config file,
> created a cert and key file and placed them in the correct directory,
> created a truststore and add the ?ssl=true to the url for the client.
> When I do all this I connect and get data back from the db. My
> confusion is when I read that I need openssl on the client machine to
> connect, since I can connect without openssl installed. I do notice
> that if my truststore does not have the cert placed in it, I get an
> error saying missing certificate ( something like that ), does that mean
> ssl is working for the client and server?

I'd simply take a packet sniffer like wireshark and look at the network
traffic with and without SSL. That way you'll see what is going on and
whether it's encrypted.

HTH,

Tino.

--
www.craniosacralzentrum.de
www.spiritualdesign-chemnitz.de

Tino Schwarze * Lortzingstraße 21 * 09119 Chemnitz