I'm trying to debug why my ssl connection to postgresql on a remote box is
failing, but any error logs that catch the information provide no more useful
info than what the browser spits back at me. Robust Exception Information is
enabled. is there anything else I'm missing in terms of
, David Patricola wrote:
I'm trying to debug why my ssl connection to postgresql on a remote
box is failing, but any error logs that catch the information provide
no more useful info than what the browser spits back at me. Robust
Exception Information is enabled. is there anything else
Thank you everyone for your help so far. I'm at the cusp of completion and now
the final test remains. I am testing my CF8 Enterprise datasource client
connection to a Redhat 5 Postgresql server, and so far is failing:
Someone else created the certificates for me on the Redhat box and sent
I updated jrun.xml to have SSL turned on and restarted the service no
problem:
That's unrelated to this. That lets you use the built-in JRun web
server to allow SSL/TLS connections.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/
Fig Leaf Software is
So this XML is only for https not a secure database connection?
What about the keystore and truststore shortcuts?
Yes, it's only for letting the JRun web server accept HTTPS
connections. Everything running within the same JVM uses the same
keystore, and SSL/TLS requires keys and
This is what I generally use.
C: C:\Program Files\Java\jdk1.6.0_24\bin\keytool -delete -noprompt
-trustcacerts -alias domain.com.cer -keystore C:\Program
Files\Java\jdk1.6.0_24\jre\lib\security\cacerts -storepass [password]
C:C:\Program Files\Java\jdk1.6.0_24\bin\keytool -import -noprompt
It seems that I have to import a single certificate (all articles I
find refer in the singular). So if I had to choose between root.crt
or server.crt file,
which one would be installed?
Well, I'm not sure it will matter, actually. If you import the root
certificate to the store, the
You did restart CF, correct?
.:.:.:.:.:.:.:.:.:.:.:.:.:.
Bobby Hartsfield
http://acoderslife.com
http://cf4em.com
onsite
Thanks for the insight! I've coverted root.crt to .cre and imported it but
still am unable to connect. Is there a CF log that provides a better error
description than
I have a remote db server's 2 .crt and .key files and am ready to store them
into the CF8 Enterprise truststore for Postgre SSL connectivity (self-signed,
too). I have read a few articles about importing using the keytool but have
zero Java knowledge.
1. What is the purpose of the keystore
I have a remote db server's 2 .crt and .key files and am ready to
store them into the CF8 Enterprise truststore for Postgre SSL
connectivity (self-
signed, too). I have read a few articles about importing using the
keytool but have zero Java knowledge.
1. What is the purpose of the
I have a remote db server's 2 .crt and .key files and am ready to
store them into the CF8 Enterprise truststore for Postgre SSL
connectivity (self-
signed, too). I have read a few articles about importing using the
keytool but have zero Java knowledge.
1. What is the purpose of the
I have a remote Redhat 5.0 box running PostgreSQL 8.0 and it's set to accept
SSL connections only. I have the 3 root/cert files necessary for the
handshaking to occur between host and client. The datasource to the box works
fine when unencrypted: jdbc:postgresql://x.x.x.x/main (with
I have a remote Redhat 5.0 box running PostgreSQL 8.0 and it's set
to accept SSL connections only. I have the 3 root/cert files
necessary for
the handshaking to occur between host and client. The datasource to
the box works fine when unencrypted: jdbc:postgresql://x.x.x.x/main
(with
I have a remote Redhat 5.0 box running PostgreSQL 8.0 and it's set
to accept SSL connections only. I have the 3 root/cert files
necessary for
the handshaking to occur between host and client. The datasource to
the box works fine when unencrypted: jdbc:postgresql://x.x.x.x/main
(with
Thank you for the direction! My only question with this is that the
host box is creating this keystore, so how will it be moved to the
remote client
box?
The server and client will have separate keystores. You simply need
to
use keytool to import the server's certificates into the
15 matches
Mail list logo