Testing the SSL JDBC connection v42.5.4.2

If you're using Java's default mechanism (not LibPQFactory) to create the SSL connection, you need to make the server certificate available to Java.

  1. Set the following property in the Java program.

    String url = "jdbc:edb://localhost/test?user=fred&password=secret&ssl=true";
  2. Convert the server certificate to Java format:

    $ openssl x509 -in server.crt -out server.crt.der -outform der
  3. Import this certificate into Java's system truststore.

    $ keytool -keystore $JAVA_HOME/lib/security/cacerts -alias postgresql -import -file server.crt.der
  4. If you don't have access to the system cacerts truststore, create your own truststore.

    $ keytool -keystore mystore -alias postgresql -import -file server.crt.der
  5. Start your Java application and test the program.

    $ java -Djavax.net.ssl.trustStore=mystore com.mycompany.MyApp

    For example:

    $ java -classpath .:/usr/edb/jdbc/edb-jdbc18.jar -Djavax.net.ssl.trustStore=mystore pg_test2 public
Note

To troubleshoot connection issues, add -Djavax.net.debug=ssl to the Java command.
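
A small test client for step 5, added here as an example and not part of the connector or its documentation: it connects with ssl=true using the truststore given on the command line, then asks the server whether the session is actually encrypted. The class name SslCheck and reading the password from the PGPASSWORD environment variable are assumptions, as is a server that exposes the pg_stat_ssl view (PostgreSQL 9.5 or later).

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Added example; SslCheck is a hypothetical class name, not part of the connector.
// Run: java -classpath .:/usr/edb/jdbc/edb-jdbc18.jar -Djavax.net.ssl.trustStore=mystore SslCheck
public class SslCheck {
    // Host, database and user are taken from the URL in step 1.
    private static final String URL = "jdbc:edb://localhost/test?ssl=true";
    private static final String USER = "fred";
    // Asks the server how it sees this session (pg_stat_ssl, PostgreSQL 9.5+).
    private static final String SQL =
        "SELECT ssl, version, cipher FROM pg_stat_ssl WHERE pid = pg_backend_pid()";

    // Returns 0 if the session is encrypted, 2 if it is not, 1 if the connection failed.
    static int check(String password) {
        try (Connection conn = DriverManager.getConnection(URL, USER, password);
             Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(SQL)) {
            if (rs.next() && rs.getBoolean("ssl")) {
                System.out.println("SSL in use: " + rs.getString("version")
                    + ", cipher " + rs.getString("cipher"));
                return 0;
            }
            System.err.println("Connected, but the server reports no SSL on this session");
            return 2;
        } catch (SQLException e) {
            // Print the whole cause chain: a server certificate missing from the
            // truststore typically shows up as a nested javax.net.ssl.SSLHandshakeException.
            for (Throwable t = e; t != null; t = t.getCause()) {
                System.err.println(t.getClass().getName() + ": " + t.getMessage());
            }
            return 1;
        }
    }

    public static void main(String[] args) {
        // Assumption: the password comes from the PGPASSWORD environment variable
        // (read here by this program) instead of being embedded in the URL.
        String password = System.getenv("PGPASSWORD");
        System.exit(check(password == null ? "" : password));
    }
}
```

The exit code lets a deployment script fail fast when the handshake is rejected or the session turns out to be unencrypted.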

Using SSL without certificate validation

By default, combining ssl=true with the connection URL parameter sslfactory=com.edb.ssl.NonValidatingFactory encrypts the connection but doesn't validate the server's SSL certificate. To enforce certificate validation, you must use a custom SSLSocketFactory.

For more details about writing a custom SSLSocketFactory, see the PostgreSQL documentation.