问题
I have a postgres docker image that i am using and I am enabling SSL on it. I want it to verify-full because I have a root.crt and want to make sure all the certs that can use SSL are verified. So, in my docker-compose file, i have mounted my server.crt and server.key to /var/ssl and my root.crt to /root/.postgresql.
volumes: - ~/server_certs:/var/ssl - ~/root_certs:/root/.postgresql
and the error i get is
ERROR [2018-07-10 20:28:24,355] org.apache.tomcat.jdbc.pool.ConnectionPool: Unable to create initial connections of pool.
! java.io.FileNotFoundException: /root/.postgresql/root.crt (No such file or directory)
! at java.io.FileInputStream.open0(Native Method)
! at java.io.FileInputStream.open(FileInputStream.java:195)
! at java.io.FileInputStream.<init>(FileInputStream.java:138)
! at java.io.FileInputStream.<init>(FileInputStream.java:93)
! at org.postgresql.ssl.jdbc4.LibPQFactory.<init>(LibPQFactory.java:124)
! ... 32 common frames omitted
! Causing: org.postgresql.util.PSQLException: Could not open SSL root certificate file /root/.postgresql/root.crt.
Any help with getting postgres to find the root.crt would be greatly appreciated (postgres 10 btw)
回答1:
As a workaround you can add sslmode=require (no certificate validation!) or sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory (validate certificate using JRE trust store) to your JDBC url.
This behavior and the mentioned workaround are described in https://github.com/pgjdbc/pgjdbc/issues/1307
来源:https://stackoverflow.com/questions/51291765/root-crt-not-found-postgresql