Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to pass certificate path with Postgres database url string for SSL connection

Tags:

postgresql

ssl

ssl-certificate

jdbc

amazon-rds

I am trying to secure connection to AWS RDS instance over SSL for my Spring boot application. I have looked upon several blogs and official documentation and accordingly modified my connection string to contain certain parameter related to SSL connection.

I have my certificate placed inside a cert folder in resources. Below is how I have tried to pass the certificate path:

jdbc:postgresql://myamazondomain.rds.amazonaws.com:5432/db_name?sslmode=verify-full&sslrootcert=/cert/rds-ca-cert_name.p12&password=my_passwrord

Also I have tried:

jdbc:postgresql://myamazondomain.rds.amazonaws.com:5432/db_name?sslmode=verify-full&sslrootcert=/src/main/resources/cert/rds-ca-cert_name.p12&password=mypassword

However, when I try to connect to the RDS from my ECS container, I receive the following error:

ERROR com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Exception during pool initialization.
org.postgresql.util.PSQLException: Could not open SSL root certificate file /cert/rds-ca-cert_name.p12.

at org.postgresql.ssl.LibPQFactory.<init>(LibPQFactory.java:120)

at org.postgresql.core.SocketFactoryFactory.getSslSocketFactory(SocketFactoryFactory.java:61)

at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:33)

at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:435)

at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:94)

at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)

at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)

at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)

at org.postgresql.Driver.makeConnection(Driver.java:454)

Can someone suggest what is the error here. What is the correct way of passing the certificate stored in classpath to jdbc connection string.

like image 233
Saurabh Tiwari Avatar asked Feb 17 '26 21:02

Saurabh Tiwari

1 Answers

We need to use SingleCertValidatingFactory class to specify certificate file on classpath (or from file system, environment variables etc). This class has argument sslfactoryarg where we can add path to certificate file.

Your URL should look like:

jdbc:postgresql://myamazondomain.rds.amazonaws.com:5432/db_name?sslmode=verify-full&sslfactory=org.postgresql.ssl.SingleCertValidatingFactory&sslfactoryarg=classpath:cert/rds-ca-cert_name.p12

like image 116
Ganesh Modak Avatar answered Feb 20 '26 14:02

Ganesh Modak

Sign in to Comment

Related questions

How to select all the hierarchy of a table with levels in PostgreSQL
JDBI interval postgresql
Postgres Hibernate set session variables for row level security
How to install psycopg2 for django on mac
select empty object in jsonb_each in postgres
rake db:migrate runs into an error for an undefined method
org.postgresql.util.PSQLException: FATAL: password authentication failed for user "postgres" while connecting to postgress from Spring Boot

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!