Skip site navigation (1) Skip section navigation (2)

Re: PostgreSQL + SSL - sun.security.validator.ValidatorException

From: Andrew M <andrew(at)jibeya(dot)com>
To: pgsql-jdbc(at)postgresql(dot)org
Cc: Vadim Nasardinov <vadimn(at)redhat(dot)com>
Subject: Re: PostgreSQL + SSL - sun.security.validator.ValidatorException
Date: 2004-12-08 10:06:09
Message-ID: C8726946-4900-11D9-870C-0003938366A4@jibeya.com (view raw or flat)
Thread:
Lists: pgsql-jdbc
Ok,
I'm nearly there but not yet.....

I can ascertain what is in my keystore by doing:

$ keytool -list

	Enter keystore password:  mypassword

	Keystore type: jks
	Keystore provider: SUN

	Your keystore contains 1 entry

	beyarecords.com, Dec 7, 2004, keyEntry,
	Certificate fingerprint (MD5):  
32:44:5B:78:85:BA:BA:96:C1:CF:DF:A2:6A:0E:78:CB

I specify properties in jboss like so:

	javax.net.ssl.keyStore=/library/java/home/lib/security/cacerts
	javax.net.ssl.keyStorePassword=changeit
	javax.net.ssl.keyStoreType= JKS

The error message I get back is:

	sun.security.validator.ValidatorException: No trusted certificate found

If I say :
	javax.net.ssl.keyStore=/library/java/home/lib/security/cacerts/ 
beyarecords.com
	javax.net.ssl.keyStorePassword=mypassword

I  get the following error:

	java.net.SocketException: Default SSL context init failed: null
	
I am of the understanding that once a certificate has been imported  
into the keystore and associated via an alias(beyarecords.com) with a  
key (32:44:5B:78:85:BA:BA:96:C1:CF:DF:A2:6A:0E:78:CB) that it is then  
trusted? What am I missing here?

regards

Andrew

On 7 Dec 2004, at 16:37, Vadim Nasardinov wrote:

> On Tuesday 07 December 2004 07:38, Andrew M wrote:
>> I need to explain my setup here. I'm running a website via Jboss
>> application server.
> ...
>> I launch jboss like so:
>>
>>> cd /jboss/bin
>> /jboss/bin>  ./run.sh
>>
>> So how do I tell the driver where to find the keystore in this
>> instance, as I am not running a stand alone java application?
>
> JBoss's run.sh likely provides a way to pass command-line options to
> the JRE.  This is needed so can you specify the maximum heap and stack
> size, among other things.  The standard way of doing this is to allow
> the user to set an enviroment variable called JAVA_OPTS or some
> such.  So, once you know what this variable is named in your
> particular case, you should be able to do something along the
> following lines:
>
>
> $ cd /jboss/bin
> $ export  
> JAVA_OPTS="-Djavax.net.ssl.trustStore=/library/java/home/lib/security/ 
> cacert"
> $  ./run.sh
>
> The script is then responsible for splicing this additional option
> onto the command line that it uses to invoke java.
>
> See
> http://www.google.com/search?q=jboss+run.sh+JAVA_OPTS&btnI=
>
>
>


In response to

Responses

pgsql-jdbc by date

Next:From: Vadim NasardinovDate: 2004-12-08 13:37:57
Subject: Re: PostgreSQL + SSL - sun.security.validator.ValidatorException
Previous:From: Xavier PoinsardDate: 2004-12-08 09:53:56
Subject: Re: Patch for jdbc escaped functions

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group