Dave Cramer

Results 500 comments of Dave Cramer

Did you add it to the Java truststore as per the directions here? https://jdbc.postgresql.org/documentation/head/ssl-client.html

OK, can you send me your server key and cert and I will try here? Thanks for your patience.

Change your connection string to `spring.datasource.url=jdbc:postgresql://localhost:5432/db?sslmode=verify-full&sslrootcert=rootCA.pem&sslcert=client.crt&sslkey=client.pk8&sslpassword=`. I was able to connect successfully using your certs with no password.

Sorry, I meant the p12 file:

```
public class TestP12 {
    public static void main(String[] args) {
        try (Connection connection = DriverManager.getConnection("jdbc:postgresql://localhost:5432/postgres?sslmode=verify-ca&sslrootcert=/Users/davecra/Downloads/rootCA.pem&sslkey=/Users/davecra/Downloads/postgres.p12&sslpassword=", "test", "test")) {
            try (Statement statement = connection.createStatement()) {
                try...
```

Ah, OK, I am not using certificate authentication, rather password. OK, let me try again.

So it does fail, but since we are able to encrypt the connection using this, I don't think this has anything to do with JDBC, rather postgres. Still digging.

```
javax.net.ssl|FINE|01|main|2022-08-10 14:25:27.301 EDT|CertificateMessage.java:291|No X.509 certificate for client authentication, use empty Certificate message instead
javax.net.ssl|FINE|01|main|2022-08-10 14:25:27.302 EDT|CertificateMessage.java:322|Produced client Certificate handshake message ( "Certificates": )
```

Still digging, but I'm guessing...

Ya, I get that it works with nodejs; this is more of a Java problem: https://rotadev.com/why-doesnt-java-send-the-client-certificate-during-ssl-handshake-dev/

OK, I successfully authenticated with goodclient.p12, found at https://github.com/pgjdbc/pgjdbc/tree/master/certdir. I think you have to make sure that you create the client key with the same CA you used for the server.

From the docs I think this `It is not necessary to add the root certificate to server.crt. Instead, clients must have the root certificate of the server's certificate chain.` is...