Обсуждение: Have some problem about the SSL connection by JDBC
I have some big problem.
I install these packages in Redhat Enterprise ES3.
postgresql-7.4.1-1PGDG.i386.rpm
postgresql-jdbc-7.4.1-1PGDG.i386.rpm
postgresql-libs-7.4.1-1PGDG.i386.rpm
postgresql-server-7.4.1-1PGDG.i386.rpm
When I use the ssl connection by JDBC,I have some problem.
--------------my program----------------
try{
String DBDriver="org.postgresql.Driver";
Class.forName(DBDriver);
String DBUrl = "jdbc:postgresql://myserver:50813/mydbname?ssl";
String strUser = "user";
String strPassword = "user";
Connection conn=DriverManager.getConnection(DBUrl,strUser,strPassword);
... ....
conn.close();
}catch(Exception e){
out.println(e.getMessage());
}
-------------------Error-------------------------
An I/O error has occured while flushing the output - Exception:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
Stack Trace:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) .....
----------------server log---------------
could not initialize SSL connection: sslv3 alert certificate unknown
When I use pgdev.301.jdbc3.jar download from
http://jdbc.postgresql.org/download.html I get the same error.
Can anybody help me?
zhang-x@cnt.mxy.nes.nec.co.jp wrote: > An I/O error has occured while flushing the output - Exception: > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: No trusted certificate found You need to import the server certificate into the client's keystore. See http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php for details. -O
You need to import the certificate of the server into your default cert
store on the client for a valid ssl handshake to take place.
--Barry
zhang-x@cnt.mxy.nes.nec.co.jp wrote:
> I have some big problem.
> I install these packages in Redhat Enterprise ES3.
> postgresql-7.4.1-1PGDG.i386.rpm
> postgresql-jdbc-7.4.1-1PGDG.i386.rpm
> postgresql-libs-7.4.1-1PGDG.i386.rpm
> postgresql-server-7.4.1-1PGDG.i386.rpm
>
> When I use the ssl connection by JDBC,I have some problem.
> --------------my program----------------
> try{
> String DBDriver="org.postgresql.Driver";
> Class.forName(DBDriver);
> String DBUrl = "jdbc:postgresql://myserver:50813/mydbname?ssl";
> String strUser = "user";
> String strPassword = "user";
> Connection conn=DriverManager.getConnection(DBUrl,strUser,strPassword);
> ... ....
> conn.close();
> }catch(Exception e){
> out.println(e.getMessage());
> }
> -------------------Error-------------------------
> An I/O error has occured while flushing the output - Exception:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: No trusted certificate found
> Stack Trace:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: No trusted certificate found
> at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) .....
> ----------------server log---------------
> could not initialize SSL connection: sslv3 alert certificate unknown
> When I use pgdev.301.jdbc3.jar download from
> http://jdbc.postgresql.org/download.html I get the same error.
> Can anybody help me?
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 7: don't forget to increase your free space map settings
I have done all in that page ,but I still get the error. I use j2sdk-1.4.2_04. > > An I/O error has occured while flushing the output - Exception: > > javax.net.ssl.SSLHandshakeException: > > sun.security.validator.ValidatorException: No trusted certificate found > > You need to import the server certificate into the client's keystore. > See http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php for > details. > > -O > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster
Thanks for your help I have resolve my problem. Thanks. ----- Original Message ----- From: "Oliver Jowett" <oliver@opencloud.com> To: <zhang-x@cnt.mxy.nes.nec.co.jp> Cc: <pgsql-jdbc@postgresql.org> Sent: Wednesday, April 07, 2004 8:17 AM Subject: Re: [JDBC] Have some problem about the SSL connection by JDBC > zhang-x@cnt.mxy.nes.nec.co.jp wrote: > > > An I/O error has occured while flushing the output - Exception: > > javax.net.ssl.SSLHandshakeException: > > sun.security.validator.ValidatorException: No trusted certificate found > > You need to import the server certificate into the client's keystore. > See http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php for > details. > > -O > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster
Can you share the solution with the list? Dave On Wed, 2004-04-07 at 08:24, zhang-x@cnt.mxy.nes.nec.co.jp wrote: > Thanks for your help I have resolve my problem. > Thanks. > ----- Original Message ----- > From: "Oliver Jowett" <oliver@opencloud.com> > To: <zhang-x@cnt.mxy.nes.nec.co.jp> > Cc: <pgsql-jdbc@postgresql.org> > Sent: Wednesday, April 07, 2004 8:17 AM > Subject: Re: [JDBC] Have some problem about the SSL connection by JDBC > > > > zhang-x@cnt.mxy.nes.nec.co.jp wrote: > > > > > An I/O error has occured while flushing the output - Exception: > > > javax.net.ssl.SSLHandshakeException: > > > sun.security.validator.ValidatorException: No trusted certificate found > > > > You need to import the server certificate into the client's keystore. > > See http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php for > > details. > > > > -O > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 4: Don't 'kill -9' the postmaster > > ---------------------------(end of broadcast)--------------------------- > TIP 2: you can get off all lists at once with the unregister command > (send "unregister YourEmailAddressHere" to majordomo@postgresql.org) > -- Dave Cramer 519 939 0336 ICQ # 14675561
to Dave
http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php this is
useful.
After I read it.
I just import the server certificate into the client's keystore. (^-^)
I do it with this command:
# keytool -keystore $JAVA_HOME/jre/lib/security/cacerts -alias [any name for
the cert you like (i.e. postgres)] -import -file server.crt.der
And then it works.
By the way you should use JDBC Driver after 7.4.
----- Original Message -----
From: "Dave Cramer" <pg@fastcrypt.com>
To: <zhang-x@cnt.mxy.nes.nec.co.jp>
Cc: "Oliver Jowett" <oliver@opencloud.com>; <pgsql-jdbc@postgresql.org>
Sent: Wednesday, April 07, 2004 9:47 PM
Subject: Re: [JDBC] Have some problem about the SSL connection by JDBC
> Can you share the solution with the list?
>
> Dave
> On Wed, 2004-04-07 at 08:24, zhang-x@cnt.mxy.nes.nec.co.jp wrote:
> > Thanks for your help I have resolve my problem.
> > Thanks.
> > ----- Original Message -----
> > From: "Oliver Jowett" <oliver@opencloud.com>
> > To: <zhang-x@cnt.mxy.nes.nec.co.jp>
> > Cc: <pgsql-jdbc@postgresql.org>
> > Sent: Wednesday, April 07, 2004 8:17 AM
> > Subject: Re: [JDBC] Have some problem about the SSL connection by JDBC
> >
> >
> > > zhang-x@cnt.mxy.nes.nec.co.jp wrote:
> > >
> > > > An I/O error has occured while flushing the output - Exception:
> > > > javax.net.ssl.SSLHandshakeException:
> > > > sun.security.validator.ValidatorException: No trusted certificate
found
> > >
> > > You need to import the server certificate into the client's keystore.
> > > See http://archives.postgresql.org/pgsql-jdbc/2003-08/msg00110.php for
> > > details.
> > >
> > > -O
> > >
> > > ---------------------------(end of
broadcast)---------------------------
> > > TIP 4: Don't 'kill -9' the postmaster
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 2: you can get off all lists at once with the unregister command
> > (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
> >
> --
> Dave Cramer
> 519 939 0336
> ICQ # 14675561
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faqs/FAQ.html