Skip site navigation (1) Skip section navigation (2)

Re: PostgreSQL + SSL - sun.security.validator.ValidatorException

From: Kris Jurka <books(at)ejurka(dot)com>
To: John R Pierce <pierce(at)hogranch(dot)com>
Cc: Andrew M <andrew(at)jibeya(dot)com>, pgsql-jdbc(at)postgresql(dot)org
Subject: Re: PostgreSQL + SSL - sun.security.validator.ValidatorException
Date: 2004-12-11 08:22:55
Message-ID: Pine.BSO.4.56.0412110318350.27632@leary.csoft.net (view raw or flat)
Thread:
Lists: pgsql-jdbc

On Sat, 11 Dec 2004, John R Pierce wrote:

> > It uses specific files relative to the user's $HOME directory.  I don't 
> > think this translates well into Java and I'm unsure what code would be 
> > needed on the driver side to set this up.  It would be great if someone 
> > more Java+SSL knowledgeable could point us in the right direction here.
> 
> if the jdbc driver is using J2SE 1.4 style SecureSockets, then the
> certificate store is in ${JAVA_HOME}/lib/security
> (%JAVA_HOME%\lib\security on Windows)
> 
> there is a keytool command in J2SE to manipuate and generate these keys.
> http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html
> 

Right, we know how to handle verifying the server certificate against the 
client keystore, that's pretty much all handled by java's SSL 
implementation.  The question is how do you do the reverse, providing the 
client certificate to the server.  For validating the server's cert java 
can just loop through all available certs in the keystore and see if any 
of them match.  For sending a client cert on to the server there must be 
some means of selecting one particular cert you want to send.

Kris Jurka

In response to

pgsql-jdbc by date

Next:From: Andrew MDate: 2004-12-11 10:20:20
Subject: Re: PostgreSQL + SSL - sun.security.validator.ValidatorException
Previous:From: John R PierceDate: 2004-12-11 08:11:14
Subject: Re: PostgreSQL + SSL - sun.security.validator.ValidatorException

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group