This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

To connect with postgres on gcp with ssl enabled

Posted on 03-23-2023 08:48 AM
jayanthithi
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

In order to connect a JAVA application with postgres on GCP (SSL Enabled),  we are adding three cert files in the jdbc url:

sslKey , sslRootCert & sslCert

.PEM cert is accepted for sslRootCert & sslCert.

But for sslKey. we have to give either .PK5 or .DER format to establish a connection successfully.

Is it not possible to provide .PEM cert file for sslKey in jdbc url ? Kindly can someone explain , if it will not work with .PEM ? 

Thank you.

 

Solved Solved
1 3 3,269
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
christianpaula
Staff
Reply posted on --/--/---- --:-- AM

Hi @jayanthithi,

Welcome to Google Cloud Community!

In order to connect to PostgreSQL on GCP with SSL enabled from a Java application, you need to provide three certificate files in the JDBC URL: sslRootCert, sslCert, and sslKey. While .PEM format is accepted for sslRootCert and sslCert, Java's SSL implementation requires the SSL key file to be in either PKCS#5 (.p5k) or PKCS#8 (.der) format.

To convert your .PEM SSL key file to PKCS#5 or PKCS#8 format, you can use the openssl command-line tool. Alternatively, you can generate a new SSL key file in PKCS#5 or PKCS#8 format from scratch. Once you have your SSL key file in the required format, you can include it in your JDBC URL along with the other certificate files to establish a secure connection to PostgreSQL on GCP.

Thank you.

View solution in original post

Jump to Solution
3 REPLIES 3

Posted on --/--/---- --:-- AM
christianpaula
Staff
Reply posted on --/--/---- --:-- AM

Hi @jayanthithi,

Welcome to Google Cloud Community!

In order to connect to PostgreSQL on GCP with SSL enabled from a Java application, you need to provide three certificate files in the JDBC URL: sslRootCert, sslCert, and sslKey. While .PEM format is accepted for sslRootCert and sslCert, Java's SSL implementation requires the SSL key file to be in either PKCS#5 (.p5k) or PKCS#8 (.der) format.

To convert your .PEM SSL key file to PKCS#5 or PKCS#8 format, you can use the openssl command-line tool. Alternatively, you can generate a new SSL key file in PKCS#5 or PKCS#8 format from scratch. Once you have your SSL key file in the required format, you can include it in your JDBC URL along with the other certificate files to establish a secure connection to PostgreSQL on GCP.

Thank you.

Jump to Solution

Posted on --/--/---- --:-- AM
jayanthithi
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Thank you so much ! Just want to clarify if this is the only possible solution.

I understand, as Java's SSL implementation cannot read a .PEM file, we have to always convert a .PEM to .PKS file. As this is related to one customer implementation(involving usage of more .PEM files), there is considerable effort spent in conversion as well.

So  would like to know if there is any work around for jdbc application, which can work with .PEM without any conversion. 

Thank you once again !

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
ngp2sydney
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

i too have similar issue, is there any final solution for this?

 

Jump to Solution
0 Likes
Top Solution Authors
View all