Postgres SSL configuration false flag appears not to work #42

Open
brian-tholen opened this issue Nov 15, 2021 · 2 comments

@brian-tholen

When setting the database to be Postgres and SSL flag to false, it appears to still try the SSL handshake.

See below for a reference code snippet and error output from portfolio logs:

```yaml
database:
  kind: postgres
  db: postgres
  host: x.x.x.x
  id: postgres
  password: !@#$%^
  port: 5432
  ssl: false
```

```
SSL HANDSHAKE FAILURE: A signer with SubjectDN [C=US, O="Google, Inc", CN=xyz] was sent from the host [35.239.229.155:5432]. The signer might need to be added to local trust store [/opt/ol/wlp/usr/servers/defaultServer/resources/security/trust.p12], located in SSL configuration alias [defaultSSLConfig]. The extended error message from the SSL handshake exception is: [PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target].

CWPKI0828E: The trustDefaultCerts attribute is enabled but trust was not established by using the default truststore. The extended error message from the SSL handshake exception is: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
[11/15/21, 19:55:57:348 UTC] 00000025 aultServer/apps/Portfolio.war!/WEB-INF/classes/_jpa-unit.ejb E
Local Exception Stack:
Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.7.9.v20210604-2c549e2208): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: SSL error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target DSRA0010E: SQL State = 08006, Error Code = 0
```

@rtclauss
Contributor

I had the same issue with Postgres RDS on AWS not connecting with ssl: false set, too.

If I supplied the correct certs from [here](https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem) I was able to successfully connect to the database over SSL.

@brian-tholen
Author

GTK - Thanks for confirming on AWS as well! I was/am in GCP.

> I had the same issue with Postgres RDS on AWS not connecting with ssl: false set, too.
>
> If I supplied the correct certs from [here](https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem) I was able to successfully connect to the database over SSL.
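
One way to confirm whether a client still requests TLS when `ssl: false` is set is to look at the first message it sends on the wire. The following is an added example, not code from this project or from the participants in this thread; the function names and the loopback port 15432 are assumptions, and the request codes are the ones defined by the PostgreSQL wire protocol.

```python
import socket
import struct

# Request codes from the PostgreSQL frontend/backend protocol.
SSL_REQUEST = 80877103      # (1234 << 16) | 5679
GSSENC_REQUEST = 80877104   # (1234 << 16) | 5680
CANCEL_REQUEST = 80877102   # (1234 << 16) | 5678
PROTOCOL_3_0 = 196608       # 3 << 16, version field of a plaintext StartupMessage


def classify_first_packet(data: bytes) -> str:
    """Name the first message a PostgreSQL client sent on a new connection."""
    if len(data) < 8:
        return "truncated"
    length, code = struct.unpack("!II", data[:8])
    if code == SSL_REQUEST and length == 8:
        return "ssl_request"          # client is asking for TLS
    if code == GSSENC_REQUEST and length == 8:
        return "gssenc_request"
    if code == CANCEL_REQUEST and length == 16:
        return "cancel_request"
    if code >> 16 == 3:
        return "plaintext_startup"    # client went straight to cleartext
    return "unknown"


def observe_client(listen_port: int = 15432, timeout: float = 30.0) -> list:
    """Accept one client on loopback, decline TLS, and record what it sends."""
    seen = []
    with socket.create_server(("127.0.0.1", listen_port)) as srv:
        srv.settimeout(timeout)
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(timeout)
            seen.append(classify_first_packet(conn.recv(8192)))
            if seen[0] == "ssl_request":
                conn.sendall(b"N")    # 'N' = server declines TLS
                try:
                    nxt = conn.recv(8192)
                except (socket.timeout, ConnectionError):
                    nxt = b""
                seen.append(classify_first_packet(nxt) if nxt else "closed_after_refusal")
    return seen


# Constructed sample packets (not captured traffic).
SAMPLE_SSL = struct.pack("!II", 8, SSL_REQUEST)
SAMPLE_STARTUP = struct.pack("!II", 23, PROTOCOL_3_0) + b"user\x00postgres\x00\x00"
```

Pointing the application's `host` and `port` at the listener while `observe_client()` is running shows whether the first message is `ssl_request` or `plaintext_startup`, and whether the client falls back to cleartext after the refusal.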
