开发者

CF8 SSL Connection to Postgres fails

I'm attempting an SSL connection from a ColdFusion 8 Enterprise client to a Redhat 5 Postgres server. Another party set up Postgres and sent me the certificates.

  1. I imported root.crt into E:\JRun4\jre\lib\security\cacerts successfully and restarted the service.
  2. The Postgres pg_hba.conf file has the client IP, and connects fine without SSL
  3. Postgresql.conf has ssl=on
  4. The server-side certs were created according to http://www.postgresql.org/docs/8.2/static/ssl-tcp.html and presumingly done correct.

With SSL enabled, I get org.postgresql.util.PSQLException: The connection attempt failed. which produces little helpful information from the searches I've done.

JDBC URL: jdbc:postgresql://x.x.x.x/main?ssl=true

Class: org.postgresql.Driver

What can be done to see/test if the error source is on my end or the server en开发者_如何学编程d?


Obvious questions to start with in troubleshooting something like this are:

  1. Can you connect with SSL enabled using psql?

  2. Is there anything of interest in the postgresql logs?

  3. If that doesn't work, is there a way you can test the certificate against the root ca's signature?

  4. If that fails, the only thing I can think of is tracing the client side and seeing exactly where in the SSL libraries it fails.


For certificate problems add &sslfactory=org.postgresql.ssl.NonValidatingFactory to your jdbc url. See https://jdbc.postgresql.org/documentation/91/ssl-client.html for more information.


I found the notes I took for solving this. Note that the drive and folder paths may be different for your setup.

  1. Copy server.crt.der your destination server
  2. Open a command window in your destination server and go to E:\Jrun4\jre\bin\
  3. Type in the following command: keytool -importcert -alias postgres -keystore e:\jrun4\jre\lib\security\cacerts -file c:\location\of\server.crt -storepass changeit
  4. It will prompt you whether you should trust this certificate; answer yes
  5. To verify it successfully installed, type: keytool -list -alias postgres -keystore e:\jrun4\jre\lib\security\cacerts -storepass changeit. If successful you'll see a single listing return by that alias, otherwise it will say none found
  6. After the certificate has been stored you may delete the actual certificate file from the server
  7. Restart ColdFusion services on the client machine
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜