ofbiz-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bagas Sanjaya <bagasdo...@gmail.com>
Subject Re: unexpected_message error when connecting to remote postgresql database over ssl
Date Sat, 11 Jan 2020 07:38:22 GMT
Aha!

Actually I use custom (internal) CA for doing remote connection.

When trying to add dummy OCSP responder address (I did this for 
testing), I made a typo omitting colon from `http://` scheme.

For PostgreSQL log as you mention, I think the server will log the IP 
address of connecting party instead of the hostname.

Disclaimer: My internal CA "borrow" from Linode (linode.com), so the CA 
isn't affiliated with Linode.

On 11/01/20 05.08, Robert Wynkoop wrote:
> Not an expert here.
> 
> I see this in your log:
> 
> Unparseable AuthorityInfoAccess extension due to
> java.io.IOException: URI name must include scheme:http//ocsp.ca.linode.com
> 
> I know when doing a secure connection, the serer must return a cert
> where the issuer can be validated.
> 
>  From your log:
> 
> 2020-01-09 08:29:14.952 UTC [1893] LOG:  connection received:
> host=10.29.106.190 port=60432
> 
> I do not believe 10.29.106.190 can be verified as a valid host.
> 
> Hope this might help.
> 
> Robert Wynkoop
> 
> 
> On Thu, Jan 9, 2020 at 2:55 AM Bagas Sanjaya <bagasdotme@gmail.com> wrote:
> 
>> Hello,
>>
>> I'm trying loading OFBiz demo data (trunk version) to remote PostgreSQL
>> database.
>>
>> The system running the database use PostgreSQL 12. I connect to database
>> using PostgreSQL JDBC 42.2.8.
>>
>> I follow [JDBC
>> guide](https://jdbc.postgresql.org/documentation/91/ssl-client.html).
>>
>> The story short, I got `fatal alert: unexpected message` message, which
>> cause data loading to fail.
>>
>> However, when test connect to one of databases with `psql`, the database
>> can be connected successfully.
>>
>> On database instance side, the log shows at the time of error:
>>
>>   > could not accept SSL connection: ccs received early
>>
>> Full logs are available at:
>> [1] [PostgreSQL Server Log]http://paste.ubuntu.com/p/4Kn8wYPZDs/
>> [2] [OFBiz Log, with SSL Debug log until first
>> fail](http://paste.ubuntu.com/p/WBknj9DKQz/)
>>
>> Disabling SSL on the server (as well as setting appropriate JDBC
>> database URI) serve as workaround, unfortunately.
>>
>> So what's wrong here?
>>
>> Bagas
>>
>> --
>> An old man doll... just what I always wanted! - Clara
>>
> 

-- 
An old man doll... just what I always wanted! - Clara

Mime
View raw message