Troubleshooting someone else's problem over the phone.

The error occurs when trying to connect from one server to another server's DB over SSL. The error message is: 'requires a valid client certificate'. I've done everything to ensure that they have created the correct cert. I had them run with debug=yes ssl:handshake and send me the logs. In their logs they have nothing set for the keystore and the wrong path for the truststore.

Herein, I think, lies the issue. We have an executable jar that reads the paths and passwords for the keystore/truststore and sets the values via calls such as System.setProperty("javax.net.ssl.keyStore", config.getKeyStore()); from within the executable. I've verified at least locally that I can communicate over SSL from one server to another's database in our test environment and all is fine. If I were to remove all of the settings, then the error log generated by the ssl:handshake gives me the 'requires a valid client certificate'.

  • I'm told that the destination server with the DB has its pg_hba file set properly to accept the communication over SSL from the specified id.
  • I've verified that the cert is valid from the CA.

The only thing that I can think of is that the executable jar is not setting the values to the System via the code System.setProperty("javax.net.ssl.keyStore");

Is this a configuration that needs to occur to the Red Hat server to allow the jar to set system properties, or is this at the file permission level, or ???

I'm at a loss here and would appreciate any guidance on this issue.

Very difficult environment. I'm in the North-East, tasked to assist someone in the Midwest to troubleshoot them trying to connect to our database in the South-West. I have no access to the actual servers and have to try and debug over the phone.
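
A small check for the situation described above, as an added example that is not part of the original post or the poster's jar: it reports what the running JVM actually holds for the javax.net.ssl.keyStore and javax.net.ssl.trustStore properties and whether each file can be read and opened. The class name SslStoreCheck and the check() helper are hypothetical, and it assumes the store passwords are supplied through the matching javax.net.ssl.keyStorePassword and javax.net.ssl.trustStorePassword properties.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;

// Added diagnostic (hypothetical names, not the poster's code): reports what the
// JVM sees for the javax.net.ssl.* properties and whether each store opens.
public class SslStoreCheck {

    // Returns a one-line status for the store named by javax.net.ssl.<kind>.
    static String check(String kind) {
        String path = System.getProperty("javax.net.ssl." + kind);
        String pass = System.getProperty("javax.net.ssl." + kind + "Password");
        String type = System.getProperty("javax.net.ssl." + kind + "Type",
                                         KeyStore.getDefaultType());
        if (path == null || path.isEmpty()) {
            return kind + ": property NOT SET in this JVM";
        }
        Path p = Paths.get(path);
        if (!Files.isRegularFile(p)) {
            return kind + ": " + path + " does not exist or is not a file";
        }
        if (!Files.isReadable(p)) {
            return kind + ": " + path + " is not readable by user "
                    + System.getProperty("user.name");
        }
        try (InputStream in = Files.newInputStream(p)) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, pass == null ? null : pass.toCharArray());
            int keys = 0, certs = 0;
            // A client certificate needs a private-key entry, not just a cert.
            for (String alias : Collections.list(ks.aliases())) {
                if (ks.isKeyEntry(alias)) keys++; else certs++;
            }
            return kind + ": " + path + " OK (" + type + "), private-key entries="
                    + keys + ", trusted-cert entries=" + certs;
        } catch (Exception e) {
            return kind + ": " + path + " failed to load: " + e;
        }
    }

    public static void main(String[] args) {
        System.out.println(check("keyStore"));
        System.out.println(check("trustStore"));
    }
}
```

Run it as the same OS user that runs the jar, passing the paths with -D options, or call check() right after the jar's System.setProperty calls. A keystore that reports zero private-key entries cannot supply a client certificate.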
