Managing Certificates In CF Administrator

Question

I'm using keytool for importing and managing certificates. However, when validating a datasource I'm using that requires an x.509 certificate that I need to test the error message isn't helpful:

org.postgresql.util.PSQLException: Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.

I recall seeing some plug in page for CF Administrator that allows you to upload and manage certificates from the browser, but I can't find anything. Is it even Adobe-created, or third party?

Answer 1

I looks like your JDBC connection test never got as far as making a TCP/IP connection, let alone negotiating for X.509 client certificates during the SSL handshake. Assuming that the error message you quote is from the test you were running in an attempt to test the certificate, that is; it isn't entirely clear from the question.

Check to make sure that PostgreSQL is actually running on the host you specified and listening on the correct TCP/IP port (5432 by default). You'll also have to make sure it's properly configured for X.509 client certificate auth, but I imagine you've done that if you're trying to test against it.

BTW, older versions of Pg servers have a bug that'll cause PgJDBC to fail to negotiate for the correct client certificate when you have more than one private key in your keystore. I've gone back in the git log to find the commit that fixed this, c3bf3bf2aa0998876fd219fbfcc771fb83594539. git tag --contains c3bf3bf2aa0998876fd219fbfcc771fb83594539 confirms that the fix first appeared in 9.0.