| From: | Andrew M <andrew(at)jibeya(dot)com> |
|---|---|
| To: | pgsql-jdbc(at)postgresql(dot)org |
| Cc: | Vadim Nasardinov <vadimn(at)redhat(dot)com> |
| Subject: | Re: PostgreSQL + SSL - sun.security.validator.ValidatorException |
| Date: | 2004-12-08 10:06:09 |
| Message-ID: | C8726946-4900-11D9-870C-0003938366A4@jibeya.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
Ok,
I'm nearly there but not yet.....
I can ascertain what is in my keystore by doing:
$ keytool -list
Enter keystore password: mypassword
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
beyarecords.com, Dec 7, 2004, keyEntry,
Certificate fingerprint (MD5):
32:44:5B:78:85:BA:BA:96:C1:CF:DF:A2:6A:0E:78:CB
I specify properties in jboss like so:
javax.net.ssl.keyStore=/library/java/home/lib/security/cacerts
javax.net.ssl.keyStorePassword=changeit
javax.net.ssl.keyStoreType= JKS
The error message I get back is:
sun.security.validator.ValidatorException: No trusted certificate found
If I say :
javax.net.ssl.keyStore=/library/java/home/lib/security/cacerts/
beyarecords.com
javax.net.ssl.keyStorePassword=mypassword
I get the following error:
java.net.SocketException: Default SSL context init failed: null
I am of the understanding that once a certificate has been imported
into the keystore and associated via an alias(beyarecords.com) with a
key (32:44:5B:78:85:BA:BA:96:C1:CF:DF:A2:6A:0E:78:CB) that it is then
trusted? What am I missing here?
regards
Andrew
On 7 Dec 2004, at 16:37, Vadim Nasardinov wrote:
> On Tuesday 07 December 2004 07:38, Andrew M wrote:
>> I need to explain my setup here. I'm running a website via Jboss
>> application server.
> ...
>> I launch jboss like so:
>>
>>> cd /jboss/bin
>> /jboss/bin> ./run.sh
>>
>> So how do I tell the driver where to find the keystore in this
>> instance, as I am not running a stand alone java application?
>
> JBoss's run.sh likely provides a way to pass command-line options to
> the JRE. This is needed so can you specify the maximum heap and stack
> size, among other things. The standard way of doing this is to allow
> the user to set an enviroment variable called JAVA_OPTS or some
> such. So, once you know what this variable is named in your
> particular case, you should be able to do something along the
> following lines:
>
>
> $ cd /jboss/bin
> $ export
> JAVA_OPTS="-Djavax.net.ssl.trustStore=/library/java/home/lib/security/
> cacert"
> $ ./run.sh
>
> The script is then responsible for splicing this additional option
> onto the command line that it uses to invoke java.
>
> See
> http://www.google.com/search?q=jboss+run.sh+JAVA_OPTS&btnI=
>
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Vadim Nasardinov | 2004-12-08 13:37:57 | Re: PostgreSQL + SSL - sun.security.validator.ValidatorException |
| Previous Message | Xavier Poinsard | 2004-12-08 09:53:56 | Re: Patch for jdbc escaped functions |