rootCA.key -CAcreateserial -out client.crt -days 5000 #Create a certificate for database client Openssl req -new -key client.key -out client.csr (certificate signing request- CN MUST be db user name) Openssl genrsa -out client.key 2048 (private key) rootCA.key -CAcreateserial -out server.crt -days 5000 Openssl req -new -key server.key -out server.csr Openssl req -x509 -new -key rootCA.key -days 10000 -out rootCA.crt (create root cert signed by the CA private key) Openssl genrsa -out rootCA.key 2048 (generate CA private key) I tried openssl x509 -outform der -in postgresql.key -out rġ40663292355968:error:0906D06C:PEM routines:PEM_read_bio:no start line./crypto/pem/pem_lib.c:686:Expecting: TRUSTED guess it expects PEM format. I googled, and someone suggested I convert the key file to a "der" format. : Could not read SSL key file /home/user1/cert/postgresql.key.Īt 4.LazyKeyManager.getPrivateKey(LazyKeyManager.java:250)Īt .getPrivateKey(SSLContextImpl.java:1250) When I run the code (in Eclipse, in client machine/Debian), I get this error: ResultSet rs = st.executeQuery( "SELECT * FROM " + someTableName ) tProperty("loggerLevel","TRACE") Ĭ = DriverManager.getConnection(url,props) tProperty("sslkey","/home/user1/cert/postgresql.key") tProperty("sslcert","/home/user1/cert/postgresql.crt") tProperty("sslrootcert","/home/user1/cert/root.crt") (3)originally created as "rootCA.crt" in 192.168.56.102:/var/lib/CA/, and copied as "root.crt" (2)originally created as "client.key" in 192.168.56.102:/var/lib/CA/client/, and copied as postgresql.key (1)originally created as "client.crt" in 192.168.56.102:/var/lib/CA/client/, and copied as postgresql.crt to the client side I copied the "client side" files to /home/user1/cert/ (created "cert" folder) (had to created ".postgresql" folder)Īnd when I used psql from a client machine (Debian), I can connect happily as I mentioned above. This I learnt by watching a Youtube video ( ).įor my own memo, I am reproducing the steps to create certificates and keys below, copied directly from that Youtube:Īfter creating those files, I copied the server side files to /etc/postgresql/9.6/main/) (I am using Debian, and "data" directory seems to be "/etc/postgresql/9.6/main/").Īnd the client side files to /home/user1/.postgresql folder. I started by creating a CA, server side key and certificate, and client side key and certificate. However, I have been unable to connect using a Java connection string.
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off) I can connect to the server using psql command line from a client machine(192.168.56.101) (psql -h 192.168.56.102 -U user1 -d testdb) [192.168.56.102 is "postgreSERVER" machine) I am having hard time to connect to PostgreSQL server using client certificate from within a Java program.
0 kommentar(er)
