ssl connection issues

Hello,

 

I recently configured Postgresql 9.0.9 with SSL only "on" and all its needed server certificates.

I then created the client certificates and started working with them from a windows client.

 

At first I used them with tools like Navicat, just specified the 3 certs files (key,crt and root.crt) in the ssl pane, worked fine.

 

Then I tried with ODBC, placed the files in %APPDATA%/postgresql with correct names (postgresql.key, postgresql.crt, root.crt), created the connection and tested it, worked fine.

 

Last I tried with jdbc, thinking it would have been so easy: I'm fighting for 2 days with lots of different issues.

After some messing, I also finally discovered that, different from odbc, it would look for a pk8 file (why this difference?).

I created the pk8 file on the server from the original key used for odbc, with the command:

# openssl pkcs8 -topk8 -in client.key -out client.pk8 -outform DER -nocrypt

placed the pk8 file in %APPDATA%/postgresql and launched my test java connection:

 

Connection con=DriverManager.getConnection("jdbc:postgresql://myhost:5432/mydb?ssl=true&loggerLevel=DEBUG&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=require","user","pass");

 

And now I get this:

 

Exception in thread "main" org.postgresql.util.PSQLException: SSL error: Received fatal alert: decrypt_error
at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:42)
at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:435)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:94)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
at org.postgresql.Driver.makeConnection(Driver.java:454)
at org.postgresql.Driver.connect(Driver.java:256)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:247)
at com.sonicle.aliseo.server.TestPostgresSSL.main(TestPostgresSSL.java:23)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:40)
... 10 more

 

Tried both with jdk1.7 and jdk1.8 and openjdk1.8.

 

Any idea?
Gabriele