ofbiz-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacques Le Roux <jacques.le.r...@les7arts.com>
Subject Re: unexpected_message error when connecting to remote postgresql database over ssl
Date Sat, 11 Jan 2020 09:00:26 GMT
You can use free letsencrypt cert

Jacques

Le 11/01/2020 à 08:38, Bagas Sanjaya a écrit :
> Aha!
>
> Actually I use custom (internal) CA for doing remote connection.
>
> When trying to add dummy OCSP responder address (I did this for testing), I made a typo
omitting colon from `http://` scheme.
>
> For PostgreSQL log as you mention, I think the server will log the IP address of connecting
party instead of the hostname.
>
> Disclaimer: My internal CA "borrow" from Linode (linode.com), so the CA isn't affiliated
with Linode.
>
> On 11/01/20 05.08, Robert Wynkoop wrote:
>> Not an expert here.
>>
>> I see this in your log:
>>
>> Unparseable AuthorityInfoAccess extension due to
>> java.io.IOException: URI name must include scheme:http//ocsp.ca.linode.com
>>
>> I know when doing a secure connection, the serer must return a cert
>> where the issuer can be validated.
>>
>>  From your log:
>>
>> 2020-01-09 08:29:14.952 UTC [1893] LOG:  connection received:
>> host=10.29.106.190 port=60432
>>
>> I do not believe 10.29.106.190 can be verified as a valid host.
>>
>> Hope this might help.
>>
>> Robert Wynkoop
>>
>>
>> On Thu, Jan 9, 2020 at 2:55 AM Bagas Sanjaya <bagasdotme@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> I'm trying loading OFBiz demo data (trunk version) to remote PostgreSQL
>>> database.
>>>
>>> The system running the database use PostgreSQL 12. I connect to database
>>> using PostgreSQL JDBC 42.2.8.
>>>
>>> I follow [JDBC
>>> guide](https://jdbc.postgresql.org/documentation/91/ssl-client.html).
>>>
>>> The story short, I got `fatal alert: unexpected message` message, which
>>> cause data loading to fail.
>>>
>>> However, when test connect to one of databases with `psql`, the database
>>> can be connected successfully.
>>>
>>> On database instance side, the log shows at the time of error:
>>>
>>>   > could not accept SSL connection: ccs received early
>>>
>>> Full logs are available at:
>>> [1] [PostgreSQL Server Log]http://paste.ubuntu.com/p/4Kn8wYPZDs/
>>> [2] [OFBiz Log, with SSL Debug log until first
>>> fail](http://paste.ubuntu.com/p/WBknj9DKQz/)
>>>
>>> Disabling SSL on the server (as well as setting appropriate JDBC
>>> database URI) serve as workaround, unfortunately.
>>>
>>> So what's wrong here?
>>>
>>> Bagas
>>>
>>> -- 
>>> An old man doll... just what I always wanted! - Clara
>>>
>>
>

Mime
View raw message