Re: SSL without verifying server certificate

Oliver Nolden wrote:
> Hi everyone,
>
> I want to realize a secure database connection with jdbc and SSL
> between an applet and a postgres database 7.4. The driver pg74jdbc3.jar
> supports SSL, I created the server certificates with OpenSSL. The
> postgres server works fine with ssl. To establish a ssl connection with
> the client, you have to import the self-signed certificate to the
> client`s machine.
>
> Now my question: Is it possible to establish a ssl connection without
> importing the server certificate to the client machine? i.e. that
> the jdbc driver does not verify the self-signed server certificate?
> Thereby I could use the applet on every computer.

If you do this, you become vulnerable to man-in-the-middle attacks.
Might as well just use an unencrypted connection in the first place.

-O