我正在尝试从 ColdFusion 8 Enterprise 客户端到 Redhat 5 Postgres 服务器的 SSL 连接。另一方设置了 Postgres 并向我发送了证书。
- 我成功将 root.crt 导入 E:\JRun4\jre\lib\security\cacerts 并重新启动服务。
- Postgres pg_hba.conf 文件具有客户端 IP,并且无需 SSL 即可正常连接
- Postgresql.conf 具有 ssl=on
- 服务器端证书是根据 http://www.postgresql.org/docs/8.2/static/ssl-tcp.html 并推测已完成正确的。
启用 SSL 后,我收到 org.postgresql.util.PSQLException: The connection attempts failed.,它从我所做的搜索中产生了很少的有用信息。
JDBC URL:jdbc:postgresql://xxxx/main?ssl=true
类:org.postgresql.Driver
可以做什么来查看/测试错误源是否在我端或服务器端?
I'm attempting an SSL connection from a ColdFusion 8 Enterprise client to a Redhat 5 Postgres server. Another party set up Postgres and sent me the certificates.
- I imported root.crt into E:\JRun4\jre\lib\security\cacerts successfully and restarted the service.
- The Postgres pg_hba.conf file has the client IP, and connects fine without SSL
- Postgresql.conf has ssl=on
- The server-side certs were created according to http://www.postgresql.org/docs/8.2/static/ssl-tcp.html and presumingly done correct.
With SSL enabled, I get org.postgresql.util.PSQLException: The connection attempt failed. which produces little helpful information from the searches I've done.
JDBC URL: jdbc:postgresql://x.x.x.x/main?ssl=true
Class: org.postgresql.Driver
What can be done to see/test if the error source is on my end or the server end?
发布评论
评论(3)
在对此类问题进行故障排除时,首先要考虑的明显问题是:
您可以使用 psql 启用 SSL 进行连接吗?
postgresql 日志中有什么有趣的内容吗?
如果这不起作用,有没有办法可以根据根 ca 的签名测试证书?
如果失败,我唯一能想到的就是跟踪客户端并查看 SSL 库中失败的确切位置。
Obvious questions to start with in troubleshooting something like this are:
Can you connect with SSL enabled using psql?
Is there anything of interest in the postgresql logs?
If that doesn't work, is there a way you can test the certificate against the root ca's signature?
If that fails, the only thing I can think of is tracing the client side and seeing exactly where in the SSL libraries it fails.
对于证书问题,请将
&sslfactory=org.postgresql.ssl.NonValidatingFactory添加到您的 jdbc url。请参阅 https://jdbc.postgresql.org/documentation/91/ssl-client .html 了解更多信息。For certificate problems add
&sslfactory=org.postgresql.ssl.NonValidatingFactoryto your jdbc url. See https://jdbc.postgresql.org/documentation/91/ssl-client.html for more information.我找到了解决这个问题的笔记。请注意,驱动器和文件夹路径可能与您的设置不同。
keytool -importcert -alias postgres -keystore e:\jrun4 \jre\lib\security\cacerts -file c:\location\of\server.crt -storepass changeitkeytool -list -alias postgres -keystore e:\jrun4\jre\lib\security\cacerts -storepass changeit。如果成功,您将看到该别名返回的单个列表,否则会显示未找到I found the notes I took for solving this. Note that the drive and folder paths may be different for your setup.
keytool -importcert -alias postgres -keystore e:\jrun4\jre\lib\security\cacerts -file c:\location\of\server.crt -storepass changeitkeytool -list -alias postgres -keystore e:\jrun4\jre\lib\security\cacerts -storepass changeit. If successful you'll see a single listing return by that alias, otherwise it will say none found