| From: | just madhu <justvmadhu(at)gmail(dot)com> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | pgsql-bugs(at)lists(dot)postgresql(dot)org, pgsql-hackers(at)lists(dot)postgresql(dot)org, Dave Cramer <davecramer(at)postgres(dot)rocks> |
| Subject: | Re: pgjdbc is not working with PKCS8 certificates with password |
| Date: | 2024-02-07 15:23:20 |
| Message-ID: | CALwjh=TWm0CHwFVAXBehMMxsem+TJfh+B=A4cyiEmnWmX2m+uw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-hackers |
I see that the generated certificate is not working in pgAdmin and psql.
So I wanted a way by which I could make it work there as well.
As ANS.1 DER is a supported format for libpq, I suppose that this
certificate should work here as well.
Also as suggested checking in pgjdbc as well.
On Wed, Feb 7, 2024 at 8:22 PM Joe Conway <mail(at)joeconway(dot)com> wrote:
> On 2/7/24 06:42, just madhu wrote:
> > On further investigation,
> > /With certificate generated as below. JDBC connection is successful./
> > openssl pkcs8 -topk8 -inform PEM -in client.key -outform DER -out
> > client.pk8 -passout pass:foobar / -v1 PBE-MD5-DES
> >
> > But a connection from pgAdmin (connection failed:
> > \SSLCerts\pk8_pass\client_pass_PBE.pk8": no start line) and psql(psql:
> > error: could not load private key file "client_pass_PBE.pk8":
> > unsupported) is failing
> >
> > Is there a common way in which certificate with passwords can be
> > created for both libpq and jdbc ?
>
>
> You may want to check with the pgjdbc project on github rather than (or
> in addition to?) here; see:
>
> https://github.com/pgjdbc/pgjdbc/issues
>
> Joe
>
> > On Wed, Feb 7, 2024 at 3:17 PM just madhu <justvmadhu(at)gmail(dot)com
> > <mailto:justvmadhu(at)gmail(dot)com>> wrote:
> >
> > Hi ,
> >
> > postgresql-42.7.1.jar
> >
> > Trying to use establish a connection using PKCS8 certificate created
> > with password.
> >
> > /openssl pkcs8 -topk8 -inform PEM -in client.key -outform DER -out
> > client.pk8 -passout pass:foobar
> > /
> >
> > I set the properties as below:
> > /.../
> > /sslProperties.setProperty("sslkey", "client.pk8");
> > sslProperties.setProperty("sslpassword","foobar");/
> > /.../
> > /Connection connection = DriverManager.getConnection(jdbcUrl,
> > sslProperties);
> > /
> > /..../
> > /This is failing with the error:/
> > /org.postgresql.util.PSQLException: SSL error: Connection reset
> > at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:43)
> > at
> >
> org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:584)
> > at
> >
> org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:168)
> > /
> > /.../
> >
> > Regards,
> > Madhu
> >
>
> --
> Joe Conway
> PostgreSQL Contributors Team
> RDS Open Source Databases
> Amazon Web Services: https://aws.amazon.com
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | jian he | 2024-02-07 15:43:53 | Re: BUG #18314: PARALLEL UNSAFE function does not prevent parallel index build |
| Previous Message | Joe Conway | 2024-02-07 14:52:02 | Re: pgjdbc is not working with PKCS8 certificates with password |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2024-02-07 15:26:30 | Re: pg_get_expr locking |
| Previous Message | Stephen Frost | 2024-02-07 15:08:14 | Re: Set log_lock_waits=on by default |