Hi,
I want to use my H2 TCP database server with SSL. Basically I start my
server with the following command
java -server -classpath ./h2-1.4.190.jar -Dh2.enableAnonymousTLS=true
org.h2.tools.Server -tcp -tcpSSL -tcpAllowOthers -tcpPort 28001
-tcpPassword secret
and get the following start message:
TCP server running at ssl://172.17.32.96:28001 (others can connect)
The server is now running but neither I can access or shutdown the server.
For shutdown I use the following command:
java -classpath ./h2-1.4.190.jar org.h2.tools.Server -tcpShutdown
ssl://localhost:28001 -tcpShutdownForce -tcpPassword secret
and get the following messages;
Shutting down TCP Server at ssl://localhost:28001
Exception in thread "main" org.h2.jdbc.JdbcSQLException: Connection is
broken: "javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target: localhost:28001" [90067-190]
at
org.h2.message.DbException.getJdbcSQLException(DbException.java:345)
at org.h2.message.DbException.get(DbException.java:168)
at org.h2.engine.SessionRemote.connectServer(SessionRemote.java:452)
at
org.h2.engine.SessionRemote.connectEmbeddedOrServer(SessionRemote.java:329)
at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:107)
at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:91)
at org.h2.Driver.connect(Driver.java:72)
...
Wiht JetBRains 0xDBE I use the following URL
jdbc:h2:ssl://sles11Manfred2:28001/database
and get the following error message:
Connection to H2 - sles11Manfred2 failed
java.sql.SQLException: Verbindung ist unterbrochen:
"javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target: sles11Manfred2:28001"
Connection is broken: "javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target: sles11Manfred2:28001"
[90067-190]
at org.h2.message.DbException.getJdbcSQLException(DbException.java:345)
at org.h2.message.DbException.get(DbException.java:168)
at org.h2.engine.SessionRemote.connectServer(SessionRemote.java:452)
at
org.h2.engine.SessionRemote.connectEmbeddedOrServer(SessionRemote.java:329)
at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:107)
at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:91)
at org.h2.Driver.connect(Driver.java:72)
IMHO access to the H2 TCP SSL server should also be possible without
certificates (just encrypt the connection). Is this really possible?
If yes: what is wrong in my settings?
If no: of course I can create a keystore and truststore for the server,
but: how can I couple a client certificate to a database user in this case?
Using user and pasword after sending by client certifcate doesn't make much
sense in my opinion.
Best
Manfred
--
You received this message because you are subscribed to the Google Groups "H2
Database" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/h2-database.
For more options, visit https://groups.google.com/d/optout.
