Re: can't access through SSL

I still can't access my SSL enabled server!!!

Is root.crt supposed to be an exact copy of server.crt file which I use in my client's keystore?

I have another observation. As I start the coordinator node, I don't see any file access to the server.key or server.crt file? Aren't these files supposed to be read at start up time or at least when I try to make a connection from my java application?

Everything I try create a datasource on tomcat I get the follow error on client and server's console...

FATAL: connection requires a valid client certificate.

Am I missing something?

-maz

From: pgsql-jdbc-owner(at)postgresql(dot)org [mailto:pgsql-jdbc-owner(at)postgresql(dot)org] On Behalf Of Maz Mohammadi
Sent: Friday, February 22, 2013 4:33 PM
To: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: [JDBC] can't access through SSL

Correction...

After double checking the path to java's keystore file, and correcting it...this is the new error.

FATAL: connection requires a valid client certificate.

Any idea would be greatly appreciated.

-maz

From: Maz Mohammadi
Sent: Friday, February 22, 2013 3:51 PM
To: 'pgsql-jdbc(at)postgresql(dot)org'
Subject: RE: [JDBC] can't access through SSL

Hello,

I regenerated some new keys for my postgres server. I've placed them under /var/lib..../coord and shared them with the datanodes as well.

After adding the certificates to the keystore for my tomcat java application, I get the following error on my server.

LOG: could not accept SSL connection: sslv3 alert certificate unkown.

I thought I had to use JDBC 3 for this.

Any ideas?

-maz

From: Maz Mohammadi
Sent: Friday, February 22, 2013 3:45 PM
To: pgsql-jdbc(at)postgresql(dot)org<mailto:pgsql-jdbc(at)postgresql(dot)org>
Subject: RE: [JDBC] can't access through SSL

Thx, one step closer.

pgsql-jdbc(at)postgresql(dot)org<mailto:pgsql-jdbc(at)postgresql(dot)org>

From: Vitalii Tymchyshyn [mailto:tivv00(at)gmail(dot)com]
Sent: Friday, February 22, 2013 12:56 PM
To: Maz Mohammadi
Cc: pgsql-jdbc(at)postgresql(dot)org<mailto:pgsql-jdbc(at)postgresql(dot)org>
Subject: Re: [JDBC] can't access through SSL

Try jdbc:postgresql://localhost:5432/testdb?ssl=true

2013/2/22 Maz Mohammadi <mmohammadi(at)pentaho(dot)com<mailto:mmohammadi(at)pentaho(dot)com>>
Hello all,

I'm trying to access a postgres database through a java application (tomcat). This is the only entry I have in pg_hba.conf

# TYPE DATABASE USER ADDRESS METHOD
hostssl all all 127.0.0.1/32<http://127.0.0.1/32> cert

and put the certicate (from /var/lib/postre...../coord/server.crt) in the cacerts under $JAVA_HOME/.......

This is my jdbc URL....
jdbc:postgresql://localhost:5432/testdb&ssl=true

But When I try to create a datasource on tomcat, I get the following error...
"Connection attempt failed: FATAL: no pg_hba.conf entry for host "127.0.0.1", user "progres-xc", database "testdb&ssl=true", SSL off"

Any help is greatly appreciated.

-maz

--
Best regards,
Vitalii Tymchyshyn