I'm attempting an SSL connection from a ColdFusion 8 Enterprise client to a Redhat 5 Postgres server. Another party set up Postgres and sent me the certificates.
- I imported root.crt into E:\JRun4\jre\lib\security\cacerts successfully and restarted the service.
- The Postgres pg_hba.conf file has the client IP, and connects fine without SSL
- Postgresql.conf has ssl=on
- The server-side certs were created according to http://www.postgresql.org/docs/8.2/static/ssl-tcp.html and presumably done correctly.
With SSL enabled, I get org.postgresql.util.PSQLException: The connection attempt failed. which produces little helpful information from the searches I've done.
JDBC URL: jdbc:postgresql://x.x.x.x/main?ssl=true
Class: org.postgresql.Driver
What can be done to see/test if the error source is on my end or the server end?
Obvious questions to start with in troubleshooting something like this are:
Can you connect with SSL enabled using psql?
Is there anything of interest in the postgresql logs?
If that doesn't work, is there a way you can test the certificate against the root ca's signature?
If that fails, the only thing I can think of is tracing the client side and seeing exactly where in the SSL libraries it fails.
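An added example (not part of the original answers): a Python probe that sends PostgreSQL's SSLRequest and then attempts a TLS handshake trusting only the supplied root certificate, which separates a server that refuses SSL from a certificate the client cannot validate. The function names and the command-line usage are assumptions of this example.

```python
import socket
import ssl
import struct

# PostgreSQL SSLRequest message: int32 length (8), int32 code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def root_only_context(cafile):
    """Client context that trusts only the CA(s) in cafile, e.g. root.crt."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # the question's JDBC URL addresses the server by IP
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_verify_locations(cafile=cafile)
    return ctx


def probe_pg_ssl(host, port, ctx, timeout=5.0):
    """Report how far SSL negotiation with a PostgreSQL server gets."""
    result = {"ssl_offered": False, "tls_ok": False, "error": None}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(SSL_REQUEST)
        answer = sock.recv(1)
        # b"S": server accepts SSL; b"N": SSL is unavailable on the server.
        if answer != b"S":
            result["error"] = "server answered %r to SSLRequest" % answer
            return result
        result["ssl_offered"] = True
        try:
            with ctx.wrap_socket(sock) as tls:
                result["tls_ok"] = True
                result["protocol"] = tls.version()
        except OSError as exc:  # includes ssl.SSLError and verification errors
            result["error"] = "TLS handshake failed: %s" % exc
    return result


if __name__ == "__main__":
    import sys
    # Assumed usage: python probe.py HOST PORT /path/to/root.crt
    host, port, cafile = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    print(probe_pg_ssl(host, port, root_only_context(cafile)))
```

An `N` answer points at the server configuration, a handshake error after `S` points at the certificate chain or trust material, and `tls_ok` being true leaves the JVM truststore or driver settings as the remaining suspects.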
For certificate problems add &sslfactory=org.postgresql.ssl.NonValidatingFactory
to your jdbc url. See https://jdbc.postgresql.org/documentation/91/ssl-client.html for more information.
I found the notes I took for solving this. Note that the drive and folder paths may be different for your setup.
- Copy server.crt.der to your destination server
- Open a command window in your destination server and go to E:\Jrun4\jre\bin\
- Type in the following command:
keytool -importcert -alias postgres -keystore e:\jrun4\jre\lib\security\cacerts -file c:\location\of\server.crt -storepass changeit
- It will prompt you whether you should trust this certificate; answer yes
- To verify it successfully installed, type:
keytool -list -alias postgres -keystore e:\jrun4\jre\lib\security\cacerts -storepass changeit
If successful you'll see a single listing returned by that alias, otherwise it will say none found
- After the certificate has been stored you may delete the actual certificate file from the server
- Restart ColdFusion services on the client machine