PostgreSQL JDBC SSL
[英]Postgresql JDBC SSL
问题描述
We have a remote PostgreSQL DB server which requires SSL certs to be provided to connect to it. 
我们有一个远程PostgreSQL数据库服务器,该服务器需要提供SSL证书才能连接到它。
I have the following certs with me. 我有以下证书。
root.pem
intermediate.pem
private-chain.pem
public-chain.pem
certificate.cer
certificate.key
And I am able to connect to the remote database using psql as 而且我能够使用psql连接到远程数据库
psql "port=5432 host=remote-host user=username sslcert=public-chain.pem sslkey=certificate.key dbname=database sslmode=require"
Now, I need to connect to the same database from a Java Spring based Rest API . 现在,我需要从基于Java Spring的Rest API连接到相同的数据库。 So, ideally this would require building keystrokes from the certs and using that to connect to the the db. 因此,理想情况下,这将需要从证书构建击键,并使用该击键连接到数据库。
The issue is, I'm not able to! 问题是,我无法! I've tried all combinations of cert, public-chain, private-chain, root ca, etc. in the keystore. 我在密钥库中尝试了cert,public-chain,private-chain,root ca等的所有组合。 And I've tried passing the keystore as JVM arguments when calling the jar file ( -Djavax.net.ssl.trustStore -Djavax.net.ssl.trustStorePassword -Djavax.net.ssl.keyStore -Djavax.net.ssl.keyStorePassword ). 而且我尝试在调用jar文件时将密钥库作为JVM参数传递( -Djavax.net.ssl.trustStore -Djavax.net.ssl.trustStorePassword -Djavax.net.ssl.keyStore -Djavax.net.ssl.keyStorePassword ) 。
I've also tried pointing to the keystrokes from PostgreSQL JDBC connection string ( jdbc:postgresql://remote-host:5432/database?ssl=true&sslcert='filename'&sslkey='key' ). 我还尝试过指向PostgreSQL JDBC连接字符串( jdbc:postgresql:// remote-host:5432 / database?ssl = true&sslcert ='filename'&sslkey ='key' ) 的击键 。 Not really sure if this is the right way. 不太确定这是否是正确的方法。
But I keep getting this error. 但是我一直收到这个错误。
Caused by: org.postgresql.util.PSQLException: FATAL: connection requires a valid client certificate
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:473) ~[postgresql-42.2.2.jar!/:42.2.2]
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:205) ~[postgresql-42.2.2.jar!/:42.2.2]
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49) ~[postgresql-42.2.2.jar!/:42.2.2]
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195) ~[postgresql-42.2.2.jar!/:42.2.2]
at org.postgresql.Driver.makeConnection(Driver.java:452) ~[postgresql-42.2.2.jar!/:42.2.2]
at org.postgresql.Driver.connect(Driver.java:254) ~[postgresql-42.2.2.jar!/:42.2.2]
I am not able to figure out why it works with psql and not with jdbc. 我无法弄清楚为什么它可用于psql而不适用于jdbc。
EDIT 1: 编辑1:
Currently I am trying the following approach. 目前,我正在尝试以下方法。 This is the spring datasource configuration 这是spring数据源配置
spring.datasource.url=jdbc:postgresql://remote-host:5432/database?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
spring.datasource.username=username
This is the cert config 这是证书配置
export PGSSLCERT=/tmp/client.cer
export PGSSLKEY=/tmp/client.key
export PGSSLMODE=allow
I've also followed the steps described here to trust root ca. 我还按照此处介绍的步骤信任根ca。 But I guess that is not necessary since I'm using org.postgresql.ssl.NonValidatingFactory 但是我想那是不必要的,因为我正在使用org.postgresql.ssl.NonValidatingFactory
And I'm starting the application as 我正在启动该应用程序
java -jar -Dspring.profiles.active=prod application.jar
Any insights into this are appreciated! 对此有任何见解,不胜感激! Thanks. 谢谢。
1 个解决方案
解决方案1
0 2019-03-28 17:54:48
What does your pb_hba.conf setting look like? 您的pb_hba.conf设置是什么样的?
The JDBC driver only supports the trust, ident, password, md5, and crypt authentication methods. JDBC驱动程序仅支持信任,身份,密码,md5和crypt身份验证方法。
So your java app will have to connect using password and certificate. 因此,您的Java应用将必须使用密码和证书进行连接。 You can specify that in your pb_hba.conf: 您可以在pb_hba.conf中指定:
hostssl all all 0.0.0.0/0 md5 clientcert=1
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.