Re: SSL certificates issue

Il giorno lun, 22/08/2011 alle 09.37 -0400, Tom Lane ha scritto:
> Asia <asia123321@op.pl> writes:
> > Now the issue is then when using libpq it was enough to have only root certificate in server's root.crt and it
workedfine. 
> > But when I tried using the same with JDBC it turned out that I need to put whole chain (2 certs) of Intermediate CA
1in server's root.crt. 
[...]
> In the JDBC case you'd need to put all those certs into the client's
> keystore, which I'm afraid I don't know the details of doing.  Possibly
> somebody on pgsql-jdbc could help you with that.

you should import CA certificate in your JRE ca certstore with commands:

cd $JAVA_HOME/jre/lib/security
keytool -import -trustcacerts -alias $YOURCAALIAS \
    -file $YOURCACERTFILE -keystore cacerts

I usually store in client and server certificates the whole chain from
primary CA.

Bye,
Giuseppe