Fwd: ssl database connection problems...

From: Carol Walter <walterc(at)indiana(dot)edu>
To: pgsql-admin(at)postgresql(dot)org
Subject: Fwd: ssl database connection problems...
Date: 2008-12-31 16:16:42
Message-ID: 7F8630E3-7545-4F26-B477-25B48CBCD634@indiana.edu
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Begin forwarded message:

> From: Carol Walter <walterc(at)indiana(dot)edu>
> Date: December 31, 2008 11:16:01 AM GMT-05:00
> To: Ray Stell <stellr(at)cns(dot)vt(dot)edu>
> Subject: Re: [ADMIN] ssl database connection problems...
>
> Sorry, I obviously am pretty clueless.
>
> Thanks,
> Carol
>
> On Dec 31, 2008, at 10:09 AM, Ray Stell wrote:
>
>> On Wed, Dec 31, 2008 at 09:19:12AM -0500, Carol Walter wrote:
>>> Here's the output from s_client & s_server commands...
>>>
>>> # openssl s_client
>>> connect: Connection refused
>>> connect:errno=146
>>
>> oh, I think you need to use some more flags. Take a look at
>> this howto: http://www.madboa.com/geek/openssl/
>>
> Here's the output from the s_client command...
> walterc(at)iris:~$ openssl s_client -connect db.slis.indiana.edu:5433
> CONNECTED(00000005)
> 9726:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:../../../../common/openssl/ssl/s23_lib.c:226:
>
> On the web site you directed me to, the s_server command uses a file
> called 'mycert.pem'. Do you know what the system expecting for this
> file? I tried running it without having 'mycert.pem' created and
> got errors saying that it couldn't open the file, of course.
> Anyway, here's the output I got from that command...
>
> bash-3.00# openssl s_server -accept 443 -cert mycert.pem -WWW
> Using default temp DH parameters
> unable to get certificate from 'mycert.pem'
> 7408:error:02001002:system library:fopen:No such file or directory:/
> on10/build-nd/G10U2B2/usr/src/common/openssl/crypto/bio/bss_file.c:
> 104:fopen('mycert.pem','r')
> 7408:error:2006D080:BIO routines:BIO_new_file:no such file:/on10/
> build-nd/G10U2B2/usr/src/common/openssl/crypto/bio/bss_file.c:107:
> 7408:error:02001002:system library:fopen:No such file or directory:/
> on10/build-nd/G10U2B2/usr/src/common/openssl/crypto/bio/bss_file.c:
> 276:fopen('mycert.pem','r')
> 7408:error:20074002:BIO routines:FILE_CTRL:system lib:/on10/build-nd/
> G10U2B2/usr/src/common/openssl/crypto/bio/bss_file.c:278:
> 7408:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system
> lib:../../../../common/openssl/ssl/ssl_rsa.c:515:
>
>>
>>> I don't have a root.crt file.
>>>
>>> # openssl verify -CAfile ./root.crt testcert.pem
>>
>> right, my file root.ca was self generated using openssl (I'm the
>> CA). It is
>> analogous to the CA chain you might buy from Thawte or some other
>> trusted
>> authority. It is the file that I used to sign my server crt file,
>> testcrt.pem.
>> `
>> Yeah, you don't need it unless you want to auth a login with pg,
>> but we
>> are not there yet. You need to verify that openssl is not fubar
>> first, right?
>>
>>
>> Best in 2009, everyone: Carbon-free city under construction, cool!
>>
>> http://cosmos.bcst.yahoo.com/up/ynews;_ylt=AgPr9FSysEdu1cF5ydA9CPr737YB?ch=4226722&cl=11310260&lang=en
>

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Ray Stell 2008-12-31 21:08:41 Re: Fwd: ssl database connection problems...
Previous Message Ray Stell 2008-12-31 15:09:20 Re: ssl database connection problems...