Date: Mon, 18 May 2009 09:12:14 +0200
From: Kristian Waagan
Subject: Re: Network encryption and authentication with SSL/TLS
To: Derby Discussion

oluj@me.com wrote:
> Dear Derby Users
>
> Can anyone help me with the following:
>
> I have a Derby network server installed on a virtual private server machine.
>
> When the server is started in this fashion:
>
> RUNCOMMAND="bin/startNetworkServer -h 0.0.0.0"
>
> I can connect, insert, delete and query my database.
>
>
> However, when the server is started using this command:
>
> RUNCOMMAND="bin/startNetworkServer -h 0.0.0.0 -ssl peerAuthentication"
>
> I am not able to connect to access my database, and I am forever getting an 08001 error.
>
> I am using this code:
>
> System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
> System.setProperty("javax.net.ssl.keyStorePassword","abc");
> String s = "jdbc:derby://domainName.com:1527/db;ssl=basic";
> Class.forName("org.apache.derby.jdbc.ClientDriver").newInstance();
> Connection c = DriverManager.getConnection(s);
>
>
> When I try to ping the server I get the following error:
>
> Invalid reply header from network server: Invalid string. Plaintext connection attempt to an SSL enabled server?
>
> Could someone please explain why I cannot connect when the server does the authentication?
>

Hello Steve,

Don't you have to use ssl=peerAuthentication on both the server and the client?
There is a white paper on security for Apache Derby / Java DB on the Sun Developer Network site [1] (look under "Reference"). It has a description / example on how to configure SSL.

FYI: You're using the DriverManager above, but note that there is an issue with SSL configuration in the ClientConnectionPoolDataSource and ClientXADataSource in Derby 10.4.2.0 and earlier versions.

--
Kristian

[1] http://developers.sun.com/javadb/index.jsp

> Thanks
> Steve
>
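
Added example, not from the original thread or the Derby project: a client that uses ssl=peerAuthentication on its side, as the reply suggests trying, and first checks that its key store and trust store hold what each side of the handshake needs. The trust store name clientTrustStore.key and the class name are hypothetical; the host, key store name and password are the ones in the post.

```java
import java.io.File;
import java.security.KeyStore;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Collections;

// Added example (Java 9+): sanity-check the client's SSL stores, then connect
// with ssl=peerAuthentication. Store names, passwords and host are placeholders.
public class DerbySslClientCheck {
    // Returns {private-key entries, trusted-certificate entries} found in a store.
    static int[] countEntries(String path, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance(new File(path), password.toCharArray());
        int keys = 0, certs = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) keys++;
            else if (ks.isCertificateEntry(alias)) certs++;
        }
        return new int[] { keys, certs };
    }

    public static void main(String[] args) throws Exception {
        String keyStore = "clientKeyStore.key", keyPass = "abc";        // values from the post
        String trustStore = "clientTrustStore.key", trustPass = "abc";  // hypothetical
        // Server started with -ssl peerAuthentication verifies the client: a private key is needed.
        if (countEntries(keyStore, keyPass)[0] == 0)
            throw new IllegalStateException("no private key entry in " + keyStore);
        // Client URL with ssl=peerAuthentication verifies the server: its certificate must be trusted.
        if (countEntries(trustStore, trustPass)[1] == 0)
            throw new IllegalStateException("no trusted certificate in " + trustStore);
        System.setProperty("javax.net.ssl.keyStore", keyStore);
        System.setProperty("javax.net.ssl.keyStorePassword", keyPass);
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", trustPass);

        Class.forName("org.apache.derby.jdbc.ClientDriver");
        String url = "jdbc:derby://domainName.com:1527/db;ssl=peerAuthentication";
        try (Connection c = DriverManager.getConnection(url)) {
            System.out.println("connected over SSL, autocommit=" + c.getAutoCommit());
        } catch (SQLException e) {
            // 08001 alone says little; print chained exceptions and causes,
            // which is where an SSL handshake failure would show up.
            for (SQLException x = e; x != null; x = x.getNextException())
                System.err.println(x.getSQLState() + ": " + x.getMessage());
            for (Throwable t = e.getCause(); t != null; t = t.getCause())
                System.err.println("  caused by: " + t);
        }
    }
}
```

Run it with the Derby client jar on the classpath and the two store files in the working directory.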