Creating an SSL secured PostgreSQL Connection Pool
Hi all!
After having a quite good start with SJSAS with only a few problems, now I'm trying to use a connection pool from the AS. So far, I'm using PostgreSQL and I installed an appropriate driver and added it's path to the AS.
Classpath Suffix:
/srv/postgresql-8.1-407.jdbc3.jar
JVM Options: -Djdbc.drivers=org.apache.derby.jdbc.ClientDriver:org.postgresql.Driver
Then I created a new Connection Pool:
Datasource Classname:
org.postgresql.ds.PGPoolingDataSource
Resource Type:
javax.sql.ConnectionPoolDataSource
and provided username, password, hostname and databasename to the properties. All worked fine, pinging the database is successful - I turned on non-ssl connections for this.
Since my database is on a different server, I'd like to use SSL for securing the connection between these two servers. The connection itself is working via SSL from Creator for example, where I can add a datasource with an connection url like this one:
jdbc:postgresql://<host.tld>/<user>?user=<user>&password= <whatever>&ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFac tory
The data source then uses SSL (I don't allow normal connections by default) without certificate checks (I know I can import the certificate with keytool to enable this).
Now, when I'm trying to enable SSL in my AS by setting the properties
ssltrue
sslfactoryorg.postgresql.ssl.NonValidatingFactory
and disabling non-ssl connections at my database machine again, I can't ping the database anymore:
FATAL: no pg_hba.conf-entry for host "<ip>", user "<username>", database "<database">, SSL off
It seems that SSL is not turned on properly by these two settings. I tried other writing with different cases - no success. I tried to give a complete connection url als property 'url' but then I can't even connect. I searched here in the forums and google for some solution, but found only questions like mine.
Has anyone an idea who to get SSL working with a PostgreSQL connection pool? Or if there is a way to supply a complete connection url - who do I do this?
Thanks for any hints,
Jan
