pgjdbc is not working with PKCS8 certificates with password
Hi ,
postgresql-42.7.1.jar
Trying to use establish a connection using PKCS8 certificate created with
password.
*openssl pkcs8 -topk8 -inform PEM -in client.key -outform DER -out
client.pk8 -passout pass:foobar*
I set the properties as below:
*...*
*sslProperties.setProperty("sslkey",
"client.pk8");sslProperties.setProperty("sslpassword","foobar");*
*...*
*Connection connection = DriverManager.getConnection(jdbcUrl,
sslProperties);*
*....*
*This is failing with the error:*
*org.postgresql.util.PSQLException: SSL error: Connection reset at
org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:43) at
org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:584)
at
org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:168)*
*...*
Regards,
Madhu
On further investigation,
*With certificate generated as below. JDBC connection is successful.openssl
pkcs8 -topk8 -inform PEM -in client.key -outform DER -out client.pk8
-passout pass:foobar * -v1 PBE-MD5-DES
But a connection from pgAdmin (connection failed:
\SSLCerts\pk8_pass\client_pass_PBE.pk8": no start line) and psql(psql:
error: could not load private key file "client_pass_PBE.pk8": unsupported)
is failing
Is there a common way in which certificate with passwords can be created
for both libpq and jdbc ?
On Wed, Feb 7, 2024 at 3:17 PM just madhu <justvmadhu@gmail.com> wrote:
Show quoted text
Hi ,
postgresql-42.7.1.jar
Trying to use establish a connection using PKCS8 certificate created with
password.*openssl pkcs8 -topk8 -inform PEM -in client.key -outform DER -out
client.pk8 -passout pass:foobar*I set the properties as below:
*...**sslProperties.setProperty("sslkey",
"client.pk8");sslProperties.setProperty("sslpassword","foobar");*
*...**Connection connection = DriverManager.getConnection(jdbcUrl,
sslProperties);*
*....*
*This is failing with the error:**org.postgresql.util.PSQLException: SSL error: Connection reset at
org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:43) at
org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:584)
at
org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:168)*
*...*Regards,
Madhu
On 2/7/24 06:42, just madhu wrote:
On further investigation,
/With certificate generated as below. JDBC connection is successful./
openssl pkcs8 -topk8 -inform PEM -in client.key -outform DER -out
client.pk8 -passout pass:foobar / -v1 PBE-MD5-DESBut a connection from pgAdmin (connection failed:
\SSLCerts\pk8_pass\client_pass_PBE.pk8": no start line) and psql(psql:
error: could not load private key file "client_pass_PBE.pk8":
unsupported) is failingIs there a common way in which certificate with passwords can be
created for both libpq and jdbc ?
You may want to check with the pgjdbc project on github rather than (or
in addition to?) here; see:
https://github.com/pgjdbc/pgjdbc/issues
Joe
On Wed, Feb 7, 2024 at 3:17 PM just madhu <justvmadhu@gmail.com
<mailto:justvmadhu@gmail.com>> wrote:Hi ,
postgresql-42.7.1.jar
Trying to use establish a connection using PKCS8 certificate created
with password./openssl pkcs8 -topk8 -inform PEM -in client.key -outform DER -out
client.pk8 -passout pass:foobar
/I set the properties as below:
/.../
/sslProperties.setProperty("sslkey", "client.pk8");
sslProperties.setProperty("sslpassword","foobar");/
/.../
/Connection connection = DriverManager.getConnection(jdbcUrl,
sslProperties);
/
/..../
/This is failing with the error:/
/org.postgresql.util.PSQLException: SSL error: Connection reset
at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:43)
at
org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:584)
at
org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:168)
/
/.../Regards,
Madhu
--
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
I see that the generated certificate is not working in pgAdmin and psql.
So I wanted a way by which I could make it work there as well.
As ANS.1 DER is a supported format for libpq, I suppose that this
certificate should work here as well.
Also as suggested checking in pgjdbc as well.
On Wed, Feb 7, 2024 at 8:22 PM Joe Conway <mail@joeconway.com> wrote:
Show quoted text
On 2/7/24 06:42, just madhu wrote:
On further investigation,
/With certificate generated as below. JDBC connection is successful./
openssl pkcs8 -topk8 -inform PEM -in client.key -outform DER -out
client.pk8 -passout pass:foobar / -v1 PBE-MD5-DESBut a connection from pgAdmin (connection failed:
\SSLCerts\pk8_pass\client_pass_PBE.pk8": no start line) and psql(psql:
error: could not load private key file "client_pass_PBE.pk8":
unsupported) is failingIs there a common way in which certificate with passwords can be
created for both libpq and jdbc ?You may want to check with the pgjdbc project on github rather than (or
in addition to?) here; see:https://github.com/pgjdbc/pgjdbc/issues
Joe
On Wed, Feb 7, 2024 at 3:17 PM just madhu <justvmadhu@gmail.com
<mailto:justvmadhu@gmail.com>> wrote:Hi ,
postgresql-42.7.1.jar
Trying to use establish a connection using PKCS8 certificate created
with password./openssl pkcs8 -topk8 -inform PEM -in client.key -outform DER -out
client.pk8 -passout pass:foobar
/I set the properties as below:
/.../
/sslProperties.setProperty("sslkey", "client.pk8");
sslProperties.setProperty("sslpassword","foobar");/
/.../
/Connection connection = DriverManager.getConnection(jdbcUrl,
sslProperties);
/
/..../
/This is failing with the error:/
/org.postgresql.util.PSQLException: SSL error: Connection reset
at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:43)
atorg.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:584)
at
org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:168)
/
/.../Regards,
Madhu--
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com