We want to connect to the PostgreSQL DB through JDBC using a self-signed certificate. A keystore option is available, but I want to pass the certificate through my JDBC command line. Is there any option available for this?
2 Answers
According to the documentation, the URL will look somewhat like this:
jdbc:postgresql://host:port/database?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslcert=/path/to/cert&sslkey=/path/to/key
This assumes that the client doesn't need to verify the server's certificate, but the server will verify the client's certificate.
Comments
To connect to a Postgres server that uses a self-signed certificate, set the sslmode to require. The client will not verify the CA cert or hostname, which is a good fit for a self-signed cert. There is no need for a keystore.
jdbc:postgresql://host:port/database?ssl=true&sslmode=require
Laurenz Albe's answer covers how to make the Postgres server verify the client's identity.
To verify the server's CA and its hostname:
jdbc:postgresql://host:port/database?ssl=true&sslmode=verify-full&sslrootcert=/my-path/key.pem
It expects the CA's certificate at /my-path/key.pem.
sslmode=verify-ca will check the CA but not the hostname.
There is more information on the Postgres JDBC Driver website about configuring the client for SSL and about the connection configuration parameters.
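The two answers above describe four different levels of server verification that are easy to confuse in a connection string. The following is an added example, not code from either answer or from the PostgreSQL JDBC driver: a small checker that classifies a JDBC URL by the rules stated in the answers. The function name audit_pg_jdbc_url, the host and port in the sample URLs, and the "unspecified" result for any sslmode the answers do not describe are assumptions of this example.

```python
from urllib.parse import parse_qs

NON_VALIDATING = "org.postgresql.ssl.NonValidatingFactory"
# Server verification per sslmode, as described in the answers above.
MODE_LEVEL = {"require": "none", "verify-ca": "ca-only", "verify-full": "full"}


def audit_pg_jdbc_url(url):
    """Classify how a PostgreSQL JDBC URL authenticates the server (hypothetical helper)."""
    if not url.startswith("jdbc:postgresql:"):
        raise ValueError("not a PostgreSQL JDBC URL")
    raw = parse_qs(url.partition("?")[2], keep_blank_values=True)
    # A repeated parameter is ambiguous to a reviewer, so report it.
    findings = [f"parameter {k!r} appears {len(v)} times"
                for k, v in raw.items() if len(v) > 1]
    params = {k: v[-1] for k, v in raw.items()}

    mode = params.get("sslmode")
    level = MODE_LEVEL.get(mode, "unspecified")
    if mode == "require":
        findings.append("sslmode=require: CA and hostname are not checked")
    if level == "ca-only":
        findings.append("sslmode=verify-ca: hostname is not checked")
    if level in ("ca-only", "full") and not params.get("sslrootcert"):
        findings.append("sslrootcert is not set in the URL")
    if params.get("sslfactory") == NON_VALIDATING:
        # Without chain validation the server's identity is not established.
        level = "none"
        findings.append("NonValidatingFactory: server certificate is not verified")

    return {
        "server_verification": level,
        "client_cert": bool(params.get("sslcert") and params.get("sslkey")),
        "findings": findings,
    }


# Constructed sample URLs in the forms shown in the answers (host/port are placeholders).
SAMPLE_URLS = [
    "jdbc:postgresql://db.example.test:5432/database?ssl=true"
    "&sslfactory=org.postgresql.ssl.NonValidatingFactory"
    "&sslcert=/path/to/cert&sslkey=/path/to/key",
    "jdbc:postgresql://db.example.test:5432/database?ssl=true&sslmode=require",
    "jdbc:postgresql://db.example.test:5432/database?ssl=true&sslmode=verify-ca",
    "jdbc:postgresql://db.example.test:5432/database?ssl=true&sslmode=verify-full"
    "&sslrootcert=/my-path/key.pem",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(audit_pg_jdbc_url(u))
```

Only the verify-full URL with sslrootcert comes back as "full" with no findings; the others either skip verification of the server or check the CA without the hostname.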