
Fwd: ssl database connection problems...

From: Carol Walter <walterc(at)indiana(dot)edu>
To: pgsql-admin(at)postgresql(dot)org
Subject: Fwd: ssl database connection problems...
Date: 2008-12-31 16:16:42
Message-ID: 7F8630E3-7545-4F26-B477-25B48CBCD634@indiana.edu
Lists: pgsql-admin

Begin forwarded message:

> From: Carol Walter <walterc(at)indiana(dot)edu>
> Date: December 31, 2008 11:16:01 AM GMT-05:00
> To: Ray Stell <stellr(at)cns(dot)vt(dot)edu>
> Subject: Re: [ADMIN] ssl database connection problems...
>
> Sorry, I obviously am pretty clueless.
>
> Thanks,
> Carol
>
> On Dec 31, 2008, at 10:09 AM, Ray Stell wrote:
>
>> On Wed, Dec 31, 2008 at 09:19:12AM -0500, Carol Walter wrote:
>>> Here's the output from s_client & s_server commands...
>>>
>>> # openssl s_client
>>> connect: Connection refused
>>> connect:errno=146
>>
>> Oh, I think you need to use some more flags.  Take a look at
>> this howto:  http://www.madboa.com/geek/openssl/
>>
> Here's the output from the s_client command...
> walterc(at)iris:~$ openssl s_client -connect db.slis.indiana.edu:5433
> CONNECTED(00000005)
> 9726:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake  
> failure:../../../../common/openssl/ssl/s23_lib.c:226:
>
> On the web site you directed me to, the s_server command uses a file
> called 'mycert.pem'.  Do you know what the system is expecting for this
> file?  I tried running it without having 'mycert.pem' created and
> got errors saying that it couldn't open the file, of course.
> Anyway, here's the output I got from that command...
>
> bash-3.00# openssl s_server -accept 443 -cert mycert.pem -WWW
> Using default temp DH parameters
> unable to get certificate from 'mycert.pem'
> 7408:error:02001002:system library:fopen:No such file or directory:/ 
> on10/build-nd/G10U2B2/usr/src/common/openssl/crypto/bio/bss_file.c: 
> 104:fopen('mycert.pem','r')
> 7408:error:2006D080:BIO routines:BIO_new_file:no such file:/on10/ 
> build-nd/G10U2B2/usr/src/common/openssl/crypto/bio/bss_file.c:107:
> 7408:error:02001002:system library:fopen:No such file or directory:/ 
> on10/build-nd/G10U2B2/usr/src/common/openssl/crypto/bio/bss_file.c: 
> 276:fopen('mycert.pem','r')
> 7408:error:20074002:BIO routines:FILE_CTRL:system lib:/on10/build-nd/ 
> G10U2B2/usr/src/common/openssl/crypto/bio/bss_file.c:278:
> 7408:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system  
> lib:../../../../common/openssl/ssl/ssl_rsa.c:515:
>
>>
>>> I don't have a root.crt file.
>>>
>>> # openssl  verify -CAfile ./root.crt testcert.pem
>>
>> Right, my file root.ca was self generated using openssl (I'm the CA).  It is
>> analogous to the CA chain you might buy from Thawte or some other trusted
>> authority.  It is the file that I used to sign my server crt file, testcrt.pem.
>>
>> Yeah, you don't need it unless you want to auth a login with pg, but we
>> are not there yet.  You need to verify that openssl is not fubar first, right?
>>
>>
>> Best in 2009, everyone:  Carbon-free city under construction,   cool!
>>
>> http://cosmos.bcst.yahoo.com/up/ynews;_ylt=AgPr9FSysEdu1cF5ydA9CPr737YB?ch=4226722&cl=11310260&lang=en
>
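
An added example, not part of the original thread: `openssl s_client -connect` starts the TLS handshake as soon as the TCP connection opens, while the PostgreSQL wire protocol expects the client to send an 8-byte SSLRequest first and answers with a single byte (`S` or `N`) before any TLS traffic. The sketch below performs that check directly; the function names and result strings are assumptions made for this illustration.

```python
import socket
import struct
import sys

# SSLRequest code defined by the PostgreSQL frontend/backend protocol:
# (1234 << 16) | 5679
SSL_REQUEST_CODE = 80877103


def build_ssl_request() -> bytes:
    """Return the 8-byte SSLRequest: Int32 length (8) + Int32 request code."""
    return struct.pack("!II", 8, SSL_REQUEST_CODE)


def interpret_reply(reply: bytes) -> str:
    """Map the server's one-byte answer to a diagnosis."""
    if reply == b"S":
        return "ssl-enabled"      # server will now accept a TLS handshake
    if reply == b"N":
        return "ssl-disabled"     # server runs without SSL support enabled
    if reply[:1] == b"E":
        return "error-response"   # server sent an ErrorResponse instead
    if reply == b"":
        return "closed"           # peer closed the connection without answering
    return "not-postgres"         # something else is listening on this port


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Connect, send SSLRequest, and classify the first reply byte."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_ssl_request())
            return interpret_reply(sock.recv(1))
    except ConnectionRefusedError:
        return "refused"          # nothing is listening on host:port
    except OSError:
        return "unreachable"      # timeout, DNS failure, routing problem


if __name__ == "__main__":
    # Usage: python pg_ssl_probe.py <host> <port>
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Newer OpenSSL releases can do the same negotiation themselves with `openssl s_client -starttls postgres -connect host:port`.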
