Skip site navigation (1) Skip section navigation (2)

Re: JDBC SSL with postgresql

From: Craig Ringer <craig(at)postnewspapers(dot)com(dot)au>
To: Jeffrey Baker <jwbaker(at)gmail(dot)com>
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: JDBC SSL with postgresql
Date: 2010-06-03 06:19:19
Message-ID: 4C074967.2090305@postnewspapers.com.au (view raw or flat)
Thread:
Lists: pgsql-jdbc
On 3/06/2010 12:08 PM, Jeffrey Baker wrote:
> On Wed, Jun 2, 2010 at 5:46 PM, Jeffrey Baker<jwbaker(at)gmail(dot)com>  wrote:
>> I was interested in this[1] work on SSL client certs for JDBC, but I
>> see the author stopped working on your project.  I hope the list can
>> give me a quick clue, because i've been banging my head against this
>> all day.
>
> Just to update the list, I did figure this out.  Turns out I hadn't
> imported my private key into the keystore file.  Which, in turn, is a
> ridiculous pain in the butt because keytool can only deal with private
> keys it generated, or those in PKCS#12 files, and in fact only in
> PKCS#12 files protected with passwords.

It's often easier to just point the keyStore directly at a PKCS#12 file 
using the javax.net.ssl.trustStoreType=pkcs12 system property.

> Furthermore once the key is
> in the keystore it must also have a password there (keystore password
> as well as key password) or the implementation will refuse to use it!

And both passwords must be the SAME.

> # openssl pkcs12 -export -out client.pkcs12 -in client.cert -inkey client.key
> # keytool -importkeystore -deststorepass changeit -destkeystore
> client.jks -srckeystore client.pkcs12 -srcstorepass changeit
> -srcstoretype PKCS12 -alias 1 -destkeypass changeit

Generally, you are better off using keytool to generate the key and a 
certificate request, getting that certificate request signed by the CA, 
and importing the reply into your keystore.

--
Craig Ringer

In response to

pgsql-jdbc by date

Next:From: Craig RingerDate: 2010-06-03 06:23:15
Subject: Re: jdbc works in java app, fails in servlet: "no suitable jdbc found"
Previous:From: Craig RingerDate: 2010-06-03 05:52:26
Subject: Re: jdbc works in java app, fails in servlet: "no suitable jdbc found"

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group