From: | Jeffrey Baker <jwbaker(at)gmail(dot)com> |
---|---|
To: | pgsql-jdbc(at)postgresql(dot)org |
Cc: | craig(at)postnewspapers(dot)com(dot)au |
Subject: | JDBC SSL with postgresql |
Date: | 2010-06-03 00:46:18 |
Message-ID: | AANLkTikptvIa8hE5J_9lzqIwZYuQ7AMHLQIiZh8uAFEn@mail.gmail.com |
Lists: | pgsql-jdbc |

I was interested in this[1] work on SSL client certs for JDBC, but I
see the author stopped working on your project. I hope the list can
give me a quick clue, because I've been banging my head against this
all day.

1: http://github.com/ringerc/pkcs12provider

First of all, I should mention that my client cert authentication is
working fine with libpq/psql. So I'm satisfied that the certs and
keys are in order.

The problem is when I try to use JDBC it doesn't pick up my client
cert. I have two files, truststore and keystore.

    $ file truststore keystore
    truststore: Java KeyStore
    keystore: Java KeyStore

truststore has only my self-signed root CA cert. keystore has the
root CA cert and my signed client certificate. Using a trivial JDBC
test class and this command line:

    java -cp /usr/share/java/postgresql.jar:. \
        -Djavax.net.ssl.keyStore=./keystore \
        -Djavax.net.ssl.trustStore=./truststore TestJdbc

I get this exception:

    Exception in thread "main" org.postgresql.util.PSQLException: FATAL:
    connection requires a valid client certificate

Which is half good, because I know that it's validating the trust
chain from the server to the root CA, but half bad because it's not
sending the client cert. I know it's opening the keystore with my
client cert in it, because I verified it with strace.

Do I need to use an SSL socket factory class to make this work, or is
it supposed to work out of the box, and if so, how?

-jwb
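
An added check, not part of the original message or of the PgJDBC project: JSSE can only present a client certificate from a keystore entry that holds a private key together with its certificate chain, so this Java program lists each entry in a keystore and reports which kind it is. The class name `KeystoreCheck` is hypothetical, and the `JKS` type is an assumption taken from the `file` output in the message.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic (not from the original post): lists every entry in a JKS
// keystore and reports whether it can serve as a TLS client identity.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java KeystoreCheck <keystore>  (run from a terminal)");
            System.exit(2);
        }
        // Prompt instead of taking the password as an argument, so it stays
        // out of shell history and the process list.
        char[] password = console.readPassword("Keystore password: ");

        KeyStore ks = KeyStore.getInstance("JKS"); // assumed type, per the `file` output
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }

        int identities = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                // Private key plus chain: the only kind of entry a key manager can present.
                Certificate[] chain = ks.getCertificateChain(alias);
                int len = (chain == null) ? 0 : chain.length;
                System.out.printf("%s: key entry, chain length %d%n", alias, len);
                for (int i = 0; i < len; i++) {
                    if (chain[i] instanceof X509Certificate) {
                        X509Certificate c = (X509Certificate) chain[i];
                        System.out.printf("  [%d] subject=%s issuer=%s%n", i,
                                c.getSubjectX500Principal(), c.getIssuerX500Principal());
                    }
                }
                if (len > 0) identities++;
            } else if (ks.isCertificateEntry(alias)) {
                // Certificate without a private key: usable as a trust anchor only.
                System.out.printf("%s: trusted certificate entry (no private key)%n", alias);
            }
        }
        System.out.printf("%d entry(ies) usable for client authentication%n", identities);
        System.exit(identities > 0 ? 0 : 1);
    }
}
```

An exit status of 1 means the keystore holds no private-key entry with a certificate chain, in which case a key manager built from it has nothing to offer when the server requests a client certificate.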