From: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
---|---|
To: | Jeffrey Baker <jwbaker(at)gmail(dot)com> |
Cc: | pgsql-jdbc(at)postgresql(dot)org |
Subject: | Re: JDBC SSL with postgresql |
Date: | 2010-06-03 06:19:19 |
Message-ID: | 4C074967.2090305@postnewspapers.com.au |
Lists: | pgsql-jdbc |

On 3/06/2010 12:08 PM, Jeffrey Baker wrote:
> On Wed, Jun 2, 2010 at 5:46 PM, Jeffrey Baker<jwbaker(at)gmail(dot)com> wrote:
>> I was interested in this[1] work on SSL client certs for JDBC, but I
>> see the author stopped working on your project. I hope the list can
>> give me a quick clue, because I've been banging my head against this
>> all day.
>
> Just to update the list, I did figure this out. Turns out I hadn't
> imported my private key into the keystore file. Which, in turn, is a
> ridiculous pain in the butt because keytool can only deal with private
> keys it generated, or those in PKCS#12 files, and in fact only in
> PKCS#12 files protected with passwords.

It's often easier to just point the keyStore directly at a PKCS#12 file
using the javax.net.ssl.trustStoreType=pkcs12 system property.

> Furthermore once the key is
> in the keystore it must also have a password there (keystore password
> as well as key password) or the implementation will refuse to use it!

And both passwords must be the SAME.

> # openssl pkcs12 -export -out client.pkcs12 -in client.cert -inkey client.key
> # keytool -importkeystore -deststorepass changeit -destkeystore
> client.jks -srckeystore client.pkcs12 -srcstorepass changeit
> -srcstoretype PKCS12 -alias 1 -destkeypass changeit

Generally, you are better off using keytool to generate the key and a
certificate request, getting that certificate request signed by the CA,
and importing the reply into your keystore.
--
Craig Ringer
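
A check for the two failure modes discussed in this thread (a keystore holding no private key entry, and a key password that differs from the store password), as an added example that is not part of the original messages. The class name `KeystoreCheck` and its output format are assumptions; it uses only the JDK's `java.security.KeyStore` API.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Collections;

// Added diagnostic, not from the thread; class name and output format are assumptions.
public class KeystoreCheck {
    // Counts aliases whose private key can be recovered with the store password.
    static int usableKeyEntries(KeyStore ks, char[] storePass) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // Certificate-only entry: enough for a trust store, not for a client identity.
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            try {
                // JSSE is handed a single password, so the key must open with the store's.
                Key key = ks.getKey(alias, storePass);
                Certificate[] chain = ks.getCertificateChain(alias);
                System.out.println(alias + ": " + key.getAlgorithm() + " key, chain length "
                        + (chain == null ? 0 : chain.length));
                usable++;
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": key password differs from store password");
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (from a terminal): java KeystoreCheck <file> <JKS|PKCS12>");
            System.exit(2);
        }
        // Prompt instead of taking the password as an argument, which would show in process listings.
        char[] pass = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass); // a wrong store password surfaces here as an IOException
        }
        System.exit(usableKeyEntries(ks, pass) > 0 ? 0 : 1);
    }
}
```

Run it against the files produced by the quoted commands, for example `client.jks` with type `JKS` or `client.pkcs12` with type `PKCS12`; a non-zero exit status means no entry in the store can act as a client identity.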