unexpected_message error when connecting to remote postgresql database over ssl

Bagas Sanjaya
Hello,

I'm trying to load OFBiz demo data (trunk version) into a remote PostgreSQL
database.

The system running the database uses PostgreSQL 12. I connect to the database
using PostgreSQL JDBC 42.2.8.

I follow the [JDBC guide](https://jdbc.postgresql.org/documentation/91/ssl-client.html).

Long story short, I got a `fatal alert: unexpected message` message, which
causes data loading to fail.

However, when I test connecting to one of the databases with `psql`, the
database can be connected to successfully.

On the database instance side, the log shows at the time of the error:

 > could not accept SSL connection: ccs received early

Full logs are available at:
[1] [PostgreSQL Server Log](http://paste.ubuntu.com/p/4Kn8wYPZDs/)
[2] [OFBiz Log, with SSL Debug log until first fail](http://paste.ubuntu.com/p/WBknj9DKQz/)

Disabling SSL on the server (as well as setting the appropriate JDBC
database URI) serves as a workaround, unfortunately.

So what's wrong here?

Bagas

--
An old man doll... just what I always wanted! - Clara

Re: unexpected_message error when connecting to remote postgresql database over ssl

Robert Wynkoop
Not an expert here.

I see this in your log:

Unparseable AuthorityInfoAccess extension due to
java.io.IOException: URI name must include scheme:http//ocsp.ca.linode.com

I know when doing a secure connection, the server must return a cert
where the issuer can be validated.

From your log:

2020-01-09 08:29:14.952 UTC [1893] LOG:  connection received:
host=10.29.106.190 port=60432

I do not believe 10.29.106.190 can be verified as a valid host.

Hope this might help.

Robert Wynkoop


On Thu, Jan 9, 2020 at 2:55 AM Bagas Sanjaya <[hidden email]> wrote:

> Hello,
>
> I'm trying to load OFBiz demo data (trunk version) into a remote PostgreSQL
> database.
>
> The system running the database uses PostgreSQL 12. I connect to the database
> using PostgreSQL JDBC 42.2.8.
>
> I follow the [JDBC guide](https://jdbc.postgresql.org/documentation/91/ssl-client.html).
>
> Long story short, I got a `fatal alert: unexpected message` message, which
> causes data loading to fail.
>
> However, when I test connecting to one of the databases with `psql`, the
> database can be connected to successfully.
>
> On the database instance side, the log shows at the time of the error:
>
>  > could not accept SSL connection: ccs received early
>
> Full logs are available at:
> [1] [PostgreSQL Server Log](http://paste.ubuntu.com/p/4Kn8wYPZDs/)
> [2] [OFBiz Log, with SSL Debug log until first fail](http://paste.ubuntu.com/p/WBknj9DKQz/)
>
> Disabling SSL on the server (as well as setting the appropriate JDBC
> database URI) serves as a workaround, unfortunately.
>
> So what's wrong here?
>
> Bagas
>
> --
> An old man doll... just what I always wanted! - Clara
>

Re: unexpected_message error when connecting to remote postgresql database over ssl

Robert Wynkoop
Bagas,

Also, you could try turning off SSL, since this is not your prod.

add ";sslfactory=org.postgresql.ssl.NonValidatingFactory"

to the end of your database connection string.

Robert Wynkoop
Still not an expert.

On Fri, Jan 10, 2020 at 4:08 PM Robert Wynkoop <[hidden email]>
wrote:

> Not an expert here.
>
> I see this in your log:
>
> Unparseable AuthorityInfoAccess extension due to
> java.io.IOException: URI name must include scheme:http//ocsp.ca.linode.com
>
> I know when doing a secure connection, the server must return a cert where the issuer can be validated.
>
> From your log:
>
> 2020-01-09 08:29:14.952 UTC [1893] LOG:  connection received: host=10.29.106.190 port=60432
>
> I do not believe 10.29.106.190 can be verified as a valid host.
>
> Hope this might help.
>
> Robert Wynkoop
>
>
> On Thu, Jan 9, 2020 at 2:55 AM Bagas Sanjaya <[hidden email]> wrote:
>
>> Hello,
>>
>> I'm trying to load OFBiz demo data (trunk version) into a remote PostgreSQL
>> database.
>>
>> The system running the database uses PostgreSQL 12. I connect to the database
>> using PostgreSQL JDBC 42.2.8.
>>
>> I follow the [JDBC guide](https://jdbc.postgresql.org/documentation/91/ssl-client.html).
>>
>> Long story short, I got a `fatal alert: unexpected message` message, which
>> causes data loading to fail.
>>
>> However, when I test connecting to one of the databases with `psql`, the
>> database can be connected to successfully.
>>
>> On the database instance side, the log shows at the time of the error:
>>
>>  > could not accept SSL connection: ccs received early
>>
>> Full logs are available at:
>> [1] [PostgreSQL Server Log](http://paste.ubuntu.com/p/4Kn8wYPZDs/)
>> [2] [OFBiz Log, with SSL Debug log until first fail](http://paste.ubuntu.com/p/WBknj9DKQz/)
>>
>> Disabling SSL on the server (as well as setting the appropriate JDBC
>> database URI) serves as a workaround, unfortunately.
>>
>> So what's wrong here?
>>
>> Bagas
>>
>> --
>> An old man doll... just what I always wanted! - Clara
>>
>
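
`org.postgresql.ssl.NonValidatingFactory` keeps the connection encrypted but stops the driver from validating the server certificate, so the client no longer authenticates the database it talks to. As an added example (not from the thread or from OFBiz), this Python audit flags PostgreSQL JDBC URLs whose TLS parameters leave the server unauthenticated. The host, database name and `sslrootcert` path are hypothetical, and the handling of a missing `sslmode` follows the pgJDBC 42.2.5+ documentation as an assumption.

```python
from urllib.parse import parse_qs, urlsplit

NON_VALIDATING = "org.postgresql.ssl.NonValidatingFactory"
# sslmode values that may encrypt but never authenticate the server.
UNAUTHENTICATED = {"disable", "allow", "prefer", "require"}


def audit_jdbc_url(url):
    """Return findings about server authentication for a PostgreSQL JDBC URL."""
    if not url.startswith("jdbc:postgresql:"):
        raise ValueError("not a PostgreSQL JDBC URL: " + url)
    query = urlsplit(url[len("jdbc:"):]).query
    params = {k: v[-1] for k, v in parse_qs(query, keep_blank_values=True).items()}
    findings = []
    if params.get("sslfactory") == NON_VALIDATING:
        findings.append("sslfactory=NonValidatingFactory: server certificate is never validated")
    mode = params.get("sslmode")
    if mode is None:
        # Assumption from the pgJDBC 42.2.5+ documentation: a bare ssl or
        # ssl=true means verify-full; with no ssl parameter the default is prefer.
        ssl = params.get("ssl")
        mode = "verify-full" if ssl is not None and ssl.lower() in ("", "true") else "prefer"
    if mode in UNAUTHENTICATED:
        findings.append("sslmode=%s: certificate chain and host name are not checked" % mode)
    elif mode == "verify-ca":
        findings.append("sslmode=verify-ca: chain is checked, host name is not")
    elif mode != "verify-full":
        findings.append("sslmode=%s: unknown value" % mode)
    return findings


# Constructed sample URLs; host, database and CA path are hypothetical.
BASE = "jdbc:postgresql://db.example.internal:5432/ofbiz"
SAMPLES = {
    "workaround": BASE + "?ssl=true&sslfactory=" + NON_VALIDATING,
    "encrypt-only": BASE + "?sslmode=require",
    "no-tls-params": BASE,
    "validated": BASE + "?sslmode=verify-full&sslrootcert=/etc/ofbiz/internal-ca.pem",
}

if __name__ == "__main__":
    for name, url in SAMPLES.items():
        print(name, audit_jdbc_url(url) or "ok")
```
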

Re: unexpected_message error when connecting to remote postgresql database over ssl

Bagas Sanjaya
In reply to this post by Robert Wynkoop
Aha!

Actually, I use a custom (internal) CA for the remote connection.

When trying to add a dummy OCSP responder address (I did this for
testing), I made a typo, omitting the colon from the `http://` scheme.

As for the PostgreSQL log you mention, I think the server will log the IP
address of the connecting party instead of the hostname.

Disclaimer: My internal CA "borrows" from Linode (linode.com), so the CA
isn't affiliated with Linode.

On 11/01/20 05.08, Robert Wynkoop wrote:

> Not an expert here.
>
> I see this in your log:
>
> Unparseable AuthorityInfoAccess extension due to
> java.io.IOException: URI name must include scheme:http//ocsp.ca.linode.com
>
> I know when doing a secure connection, the server must return a cert
> where the issuer can be validated.
>
>  From your log:
>
> 2020-01-09 08:29:14.952 UTC [1893] LOG:  connection received:
> host=10.29.106.190 port=60432
>
> I do not believe 10.29.106.190 can be verified as a valid host.
>
> Hope this might help.
>
> Robert Wynkoop
>
>
> On Thu, Jan 9, 2020 at 2:55 AM Bagas Sanjaya <[hidden email]> wrote:
>
>> Hello,
>>
>> I'm trying to load OFBiz demo data (trunk version) into a remote PostgreSQL
>> database.
>>
>> The system running the database uses PostgreSQL 12. I connect to the database
>> using PostgreSQL JDBC 42.2.8.
>>
>> I follow the [JDBC guide](https://jdbc.postgresql.org/documentation/91/ssl-client.html).
>>
>> Long story short, I got a `fatal alert: unexpected message` message, which
>> causes data loading to fail.
>>
>> However, when I test connecting to one of the databases with `psql`, the
>> database can be connected to successfully.
>>
>> On the database instance side, the log shows at the time of the error:
>>
>>   > could not accept SSL connection: ccs received early
>>
>> Full logs are available at:
>> [1] [PostgreSQL Server Log](http://paste.ubuntu.com/p/4Kn8wYPZDs/)
>> [2] [OFBiz Log, with SSL Debug log until first fail](http://paste.ubuntu.com/p/WBknj9DKQz/)
>>
>> Disabling SSL on the server (as well as setting the appropriate JDBC
>> database URI) serves as a workaround, unfortunately.
>>
>> So what's wrong here?
>>
>> Bagas
>>
>> --
>> An old man doll... just what I always wanted! - Clara
>>
>

--
An old man doll... just what I always wanted! - Clara
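
The typo described in this message is the kind of defect a check on certificates issued by an internal CA can catch before they are deployed. As an added example (not part of the thread), this Python check scans the text form of a certificate, as printed by `openssl x509 -noout -text`, and reports Authority Information Access URIs that lack a scheme or a host, the condition Java reported as "URI name must include scheme". The certificate excerpt is constructed: the OCSP value is the one quoted in the thread, the other names are hypothetical.

```python
import re
from urllib.parse import urlsplit

AIA_HEADER = "Authority Information Access"
AIA_ENTRY = re.compile(r"^\s*(OCSP|CA Issuers) - URI:(\S+)\s*$")
HAS_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:")


def uri_problem(uri):
    """Describe what is wrong with one AIA URI, or return None if it looks sane."""
    if not HAS_SCHEME.match(uri):
        return "no scheme"
    if not urlsplit(uri).hostname:
        return "no host"
    return None


def lint_aia(cert_text):
    """Scan `openssl x509 -noout -text` output; return (method, uri, problem) tuples."""
    findings, in_aia = [], False
    for line in cert_text.splitlines():
        if AIA_HEADER in line:
            in_aia = True
            continue
        entry = AIA_ENTRY.match(line) if in_aia else None
        if entry is None:
            in_aia = False  # any other line ends the AIA section
            continue
        method, uri = entry.groups()
        problem = uri_problem(uri)
        if problem:
            findings.append((method, uri, problem))
    return findings


# Constructed excerpt of certificate text (OCSP value as quoted in the thread).
BROKEN = """\
            Authority Information Access:
                OCSP - URI:http//ocsp.ca.linode.com
                CA Issuers - URI:http://ca.example.internal/ca.crt
            X509v3 Subject Alternative Name:
                DNS:db.example.internal
"""
FIXED = BROKEN.replace("http//", "http://")

if __name__ == "__main__":
    print(lint_aia(BROKEN), lint_aia(FIXED))
```
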

Re: unexpected_message error when connecting to remote postgresql database over ssl

Jacques Le Roux
Administrator
You can use a free Let's Encrypt cert

Jacques

On 11/01/2020 at 08:38, Bagas Sanjaya wrote:

> Aha!
>
> Actually, I use a custom (internal) CA for the remote connection.
>
> When trying to add a dummy OCSP responder address (I did this for testing), I made a typo, omitting the colon from the `http://` scheme.
>
> As for the PostgreSQL log you mention, I think the server will log the IP address of the connecting party instead of the hostname.
>
> Disclaimer: My internal CA "borrows" from Linode (linode.com), so the CA isn't affiliated with Linode.
>
> On 11/01/20 05.08, Robert Wynkoop wrote:
>> Not an expert here.
>>
>> I see this in your log:
>>
>> Unparseable AuthorityInfoAccess extension due to
>> java.io.IOException: URI name must include scheme:http//ocsp.ca.linode.com
>>
>> I know when doing a secure connection, the server must return a cert
>> where the issuer can be validated.
>>
>>  From your log:
>>
>> 2020-01-09 08:29:14.952 UTC [1893] LOG:  connection received:
>> host=10.29.106.190 port=60432
>>
>> I do not believe 10.29.106.190 can be verified as a valid host.
>>
>> Hope this might help.
>>
>> Robert Wynkoop
>>
>>
>> On Thu, Jan 9, 2020 at 2:55 AM Bagas Sanjaya <[hidden email]> wrote:
>>
>>> Hello,
>>>
>>> I'm trying to load OFBiz demo data (trunk version) into a remote PostgreSQL
>>> database.
>>>
>>> The system running the database uses PostgreSQL 12. I connect to the database
>>> using PostgreSQL JDBC 42.2.8.
>>>
>>> I follow the [JDBC guide](https://jdbc.postgresql.org/documentation/91/ssl-client.html).
>>>
>>> Long story short, I got a `fatal alert: unexpected message` message, which
>>> causes data loading to fail.
>>>
>>> However, when I test connecting to one of the databases with `psql`, the
>>> database can be connected to successfully.
>>>
>>> On the database instance side, the log shows at the time of the error:
>>>
>>>   > could not accept SSL connection: ccs received early
>>>
>>> Full logs are available at:
>>> [1] [PostgreSQL Server Log](http://paste.ubuntu.com/p/4Kn8wYPZDs/)
>>> [2] [OFBiz Log, with SSL Debug log until first fail](http://paste.ubuntu.com/p/WBknj9DKQz/)
>>>
>>> Disabling SSL on the server (as well as setting the appropriate JDBC
>>> database URI) serves as a workaround, unfortunately.
>>>
>>> So what's wrong here?
>>>
>>> Bagas
>>>
>>> --
>>> An old man doll... just what I always wanted! - Clara
>>>
>>
>