Re: ssl connection strangely stops working

On Sat, Feb 5, 2011 at 11:08 AM, Radosław Smogura
<rsmogura(at)softperience(dot)eu> wrote:
> I was asking because I was need to configure truststore password with -D
> (realy unsecure, because ps -wwx will show it), to make GF to open LDAPS
> connection - I have self signed cert.
>
>> Very likely that the settings is in JVM.  When I wrote above reply I
>> made it work on Mac.
>> GF is using JVM of Apple.  I am still struggling to make it work on
>> windows 7 which uses Oracle JVM.
> I tested GF 3.1 on IBM JDK. I looked into sources, there are many many places
> that depends on Sun JVM implementation and Sun JDK. I wrote few lines to make
> this work, but hmmm... many places left.
>
>> Also in my replied above I meant to write that there is still
>> hostname/CN mismatch with new unexpired commercial CA.
>>
>
> I didn't found, at a glance any piece of code that adds custom cert or host
> name validation in JDBC driver, it uses this what will get from system.
> <snip>

It's nice to know that all the problems can be traced to JVM settings.

FWIW, I ended using
'sslfactory=org.postgresql.ssl.NonViladatingFactory' on Windows 7
which I didn't need on Mac.

Have you looked into 'keytool' ? That lets you manipulate the
certificates that JVM relies on. What I am not sure is where one must
enter server certificates one by one into JVM or whether one can enter
a CA.