Re: SSL connection failure

I got a much better error message finally! ColdFusion's debug output
provided me with a much better message. The lines that say "unable to find
valid certification path to requested target" are the biggest help, but I'm
importing server.crt into the default cacerts file under
E:\Jrun4\jre\lib\security, so is there some configuration I'm missing?

===========================================================================
org.postgresql.util.PSQLException: The connection attempt failed.
at
org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFa
ctoryImpl.java:136)
at
org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:
65)
at
org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.
java:116)
at
org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.
java:30)
at
org.postgresql.jdbc3.Jdbc3Connection.<init>(Jdbc3Connection.java:24)
at org.postgresql.Driver.makeConnection(Driver.java:369)
at org.postgresql.Driver.connect(Driver.java:245)
at
coldfusion.server.j2ee.sql.pool.JDBCPool.createPhysicalConnection(JDBCPool.j
ava:589)
at
coldfusion.server.j2ee.sql.pool.ConnectionRunner$RunnableConnection.run(Conn
ectionRunner.java:67)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh
aker.java:975)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshake
r.java:123)
at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884
)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocket
Impl.java:1096)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:62
3)
at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at org.postgresql.core.PGStream.flush(PGStream.java:532)
at
org.postgresql.core.v3.ConnectionFactoryImpl.sendStartupPacket(ConnectionFac
toryImpl.java:243)
at
org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFa
ctoryImpl.java:91)
... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
at sun.security.validator.Validator.validate(Validator.java:218)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerI
mpl.java:126)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509Tru
stManagerImpl.java:209)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509Tru
stManagerImpl.java:249)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh
aker.java:954)
... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBui
lder.java:174)
at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
... 27 more

-----Original Message-----
From: Maciek Sakrejda [mailto:msakrejda(at)truviso(dot)com]
Sent: Wednesday, March 30, 2011 4:55 PM
To: David Patricola
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: [JDBC] SSL connection failure

> After restarting java services, I retest the datasource connection
> (jdbc:postgresql://x.x.x.x/main?ssl) and get the fail message
> "org.postgresql.util.PSQLException: The connection attempt failed." with
no
> details in any logs to provide details. The connection works without ssl
> fine.

In addition to Dave's suggetion, have you configured driver-level
logging to check what's going on there? See loglevel connection
parameter and DriverManager.setLogWriter().

---
Maciek Sakrejda | System Architect | Truviso

1065 E. Hillsdale Blvd., Suite 215
Foster City, CA 94404
(650) 242-3500 Main
www.truviso.com