Skip site navigation (1) Skip section navigation (2)

Re: SSL Problem

From: José Carlos Stevenson <postgresql(at)windfinder(dot)com(dot)br>
To: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: SSL Problem
Date: 2004-07-16 15:10:16
Message-ID: cd8r3a$18jn$1@news.hub.org (view raw or flat)
Thread:
Lists: pgsql-jdbc
Dear Stefano and Kris,

I've been using JWS to deploy an application that uses postgresql.
I've configured pg to use MD5 for a minimum of security (user and 
passwd) - how can I deploy an app that uses SSL WITHOUT having to run 
keytool on each machine?
Can I "show" the certificate (self signed) and ask the user if he/she 
would like to accept it as valied? Is thera a HOWTO anywhere or some 
sample code showing how to do that?
I also have the same problem using LDAP (and OpenLDAP)...

Thanks in advance,
José Carlos Stevenson.

Stefano Bonnin wrote:
> Problem solved.
> 
> I copied the certificate that I created on the server to the client and then
> I execute "keytool" on the client.
> So, every time that I install my application on a new PC I have to execute
> keytool operation on that machine.
> 
> Thaks for the help.
> RedS
> ----- Original Message ----- 
> From: "Kris Jurka" <books(at)ejurka(dot)com>
> To: "Stefano Bonnin" <stefano(dot)bonnin(at)comai(dot)to>
> Cc: <pgsql-jdbc(at)postgresql(dot)org>
> Sent: Thursday, July 15, 2004 8:18 PM
> Subject: Re: [JDBC] SSL Problem
> 
> 
> 
>>
>>On Thu, 15 Jul 2004, Stefano Bonnin wrote:
>>
>>
>>>2004-07-15 14:03:40 LOG:  could not load root certificate file
>>>"/usr/local/pgsql-7.4.2/bin/../../pgsql-7.4.1/data/root.crt": No such
> 
> file
> 
>>>or directory
>>>DETAIL:  Will not verify client certificates.
>>
>>This is fine.  You do not need a root.crt file.   This is used to
>>authenticate clients to the server which is optional and not necessary to
>>establish a SSL connection.
>>
>>Again the problem seems to be that you have not made the server cert
>>available to the connecting jvm.  Adding -Djavax.net.debug=ssl to your
>>java command will produce a lot of debug information, but will likely
>>confirm this.  The key line will be in the first part of the output where
>>it displays which trustStore you are using.  The server cert must be in
>>this file.
>>
>>Kris Jurka
>>
>>---------------------------(end of broadcast)---------------------------
>>TIP 5: Have you checked our extensive FAQ?
>>
>>               http://www.postgresql.org/docs/faqs/FAQ.html
>>
> 
> 
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
>       subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
>       message can get through to the mailing list cleanly
> 

In response to

Responses

pgsql-jdbc by date

Next:From: Kris JurkaDate: 2004-07-16 17:34:32
Subject: Re: SSL Problem
Previous:From: Chris SmithDate: 2004-07-16 13:40:21
Subject: Re: Adding JDK1.5 removing 1.1 support.

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group