Re: JDBC SSL with postgresql

From: Jeffrey Baker <jwbaker(at)gmail(dot)com>
To: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: JDBC SSL with postgresql
Date: 2010-06-03 04:08:52
Message-ID: AANLkTim91O5GEynBfhjXZUaJM4Wp0YHtvKFf-iTWAFU5@mail.gmail.com
Lists: pgsql-jdbc

On Wed, Jun 2, 2010 at 5:46 PM, Jeffrey Baker <jwbaker(at)gmail(dot)com> wrote:
> I was interested in this[1] work on SSL client certs for JDBC, but I
> see the author stopped working on your project.  I hope the list can
> give me a quick clue, because I've been banging my head against this
> all day.

Just to update the list, I did figure this out. Turns out I hadn't
imported my private key into the keystore file. Which, in turn, is a
ridiculous pain in the butt because keytool can only deal with private
keys it generated, or those in PKCS#12 files, and in fact only in
PKCS#12 files protected with passwords. Furthermore once the key is
in the keystore it must also have a password there (keystore password
as well as key password) or the implementation will refuse to use it!

# openssl pkcs12 -export -out client.pkcs12 -in client.cert -inkey client.key
# keytool -importkeystore -deststorepass changeit -destkeystore client.jks \
    -srckeystore client.pkcs12 -srcstorepass changeit \
    -srcstoretype PKCS12 -alias 1 -destkeypass changeit

and

$ java -Djavax.net.ssl.keyStore=./client.jks \
    -Djavax.net.ssl.keyStorePassword=changeit \
    -Djavax.net.ssl.trustStore=./truststore

Given all that, it works!

-jwb
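
The failure described in the message above (a keystore without the client's private key, or with a key the JVM cannot unlock) can be checked before starting the application. The following is an added example, not part of the original post or of the PostgreSQL JDBC driver; the class name CheckClientKeystore is hypothetical, and it assumes the client.jks file and the single "changeit" password from the commands above, applying that one password to both the store and the key as the javax.net.ssl.keyStorePassword property does.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Collections;

// Added diagnostic (hypothetical class name), not code from the original post.
// Usage: java CheckClientKeystore ./client.jks changeit
public class CheckClientKeystore {

    // Counts entries that hold a private key the given password can unlock.
    static int usableKeyEntries(KeyStore ks, char[] password) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // Certificate-only entry: fine in a truststore, but it cannot
                // serve as the client identity in the TLS handshake.
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            try {
                Key key = ks.getKey(alias, password);
                Certificate[] chain = ks.getCertificateChain(alias);
                int len = (chain == null) ? 0 : chain.length;
                System.out.println(alias + ": " + key.getAlgorithm()
                        + " private key, certificate chain length " + len);
                usable++;
            } catch (UnrecoverableKeyException e) {
                // The key password differs from the password supplied here.
                System.out.println(alias + ": private key present, but this password does not unlock it");
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java CheckClientKeystore <keystore.jks> <password>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray()); // IOException here means a wrong store password
        }
        if (usableKeyEntries(ks, args[1].toCharArray()) == 0) {
            System.out.println("No usable private key: the client cannot present a certificate.");
            System.exit(1);
        }
    }
}
```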
