Posted to derby-user@db.apache.org by ol...@me.com on 2009/05/18 00:34:29 UTC

Network encryption and authentication with SSL/TLS

Dear Derby Users

Can anyone help me with the following:

I have a Derby network server installed on a virtual private server machine.

When the server is started in this fashion:

RUNCOMMAND="bin/startNetworkServer -h 0.0.0.0"

I can connect, insert, delete and query my database.


However, when the server is started using this command:

RUNCOMMAND="bin/startNetworkServer -h 0.0.0.0 -ssl peerAuthentication"

I am not able to connect to access my database, and I am forever getting a 08001 error.

I am using this code:

System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
System.setProperty("javax.net.ssl.keyStorePassword","abc");
String s = "jdbc:derby://domainName.com:1527/db;ssl=basic";
Class.forName("org.apache.derby.jdbc.ClientDriver").newInstance();
Connection c = DriverManager.getConnection(s);


When I try to ping the server I get the following error:

Invalid reply header from network server: Invalid string. Plaintext connection attempt to an SSL enabled server?

Could someone please explain why I cannot connect when the server does the authentication?

Thanks
Steve

Re: Network encryption and authentication with SSL/TLS

Posted by Kristian Waagan <Kr...@Sun.COM>.
oluj@me.com wrote:
> Dear Derby Users
>
> Can anyone help me with the following:
>
> I have a Derby network server installed on a virtual private server machine.
>
> When the server is started in this fashion:
>
> RUNCOMMAND="bin/startNetworkServer -h 0.0.0.0"
>
> I can connect, insert, delete and query my database.
>
>
> However, when the server is started using this command:
>
> RUNCOMMAND="bin/startNetworkServer -h 0.0.0.0 -ssl peerAuthentication"
>
> I am not able to connect to access my database, and I am forever getting a 08001 error.
>
> I am using this code:
>
> System.setProperty("javax.net.ssl.keyStore","clientKeyStore.key");
> System.setProperty("javax.net.ssl.keyStorePassword","abc");
> String s = "jdbc:derby://domainName.com:1527/db;ssl=basic";
> Class.forName("org.apache.derby.jdbc.ClientDriver").newInstance();
> Connection c = DriverManager.getConnection(s);
>
>
> When I try to ping the server I get the following error:
>
> Invalid reply header from network server: Invalid string. Plaintext connection attempt to an SSL enabled server?
>
> Could someone please explain why I cannot connect when the server does the authentication?
>   

Hello Steve,

Don't you have to use ssl=peerAuthentication on both the server and the 
client?
There is a white paper on security for Apache Derby / Java DB on the Sun 
Developer Network site [1] (look under "Reference"). It has a 
description / example on how to configure SSL.


FYI: You're using the DriverManager above, but note that there is an 
issue with SSL configuration in the ClientConnectionPoolDataSource and 
ClientXADataSource in Derby 10.4.2.0 and earlier versions.


-- 
Kristian

[1] http://developers.sun.com/javadb/index.jsp
> Thanks
> Steve
>
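
Added example, not part of the thread or of Derby's own code: a client for the setup discussed above that uses ssl=peerAuthentication in the URL (the client checks the server certificate against its trust store) and presents its own key pair to a server started with -ssl peerAuthentication. It checks both stores before connecting, so a missing file, wrong password or empty store fails with a clear message instead of a generic 08001. It assumes the javax.net.ssl.* properties are passed as JVM -D options, that a client trust store exists, and that the server has its own key store plus a trust store containing the client certificate.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Collections;

public class DerbySslClient {
    // Opens the store named by javax.net.ssl.<kind> and counts usable entries.
    // Fails early if the property is unset, the file is missing or the password is wrong.
    static int usableEntries(String kind, boolean wantKeys) throws Exception {
        String path = System.getProperty("javax.net.ssl." + kind);
        String pw = System.getProperty("javax.net.ssl." + kind + "Password");
        if (path == null || pw == null) {
            throw new IllegalStateException("javax.net.ssl." + kind + "[Password] not set");
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw.toCharArray());
        }
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (wantKeys ? ks.isKeyEntry(alias) : ks.isCertificateEntry(alias)) n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        // Key store: the client's own key pair, demanded by a server running
        // with -ssl peerAuthentication.
        if (usableEntries("keyStore", true) == 0) {
            throw new IllegalStateException("key store holds no key entry for the client");
        }
        // Trust store: the server certificate the client checks when the URL
        // says ssl=peerAuthentication.
        if (usableEntries("trustStore", false) == 0) {
            throw new IllegalStateException("trust store holds no trusted certificate");
        }
        // Host and database are the ones from the post; the driver is assumed to be
        // auto-registered from derbyclient.jar on the classpath (JDBC 4).
        String url = "jdbc:derby://domainName.com:1527/db;ssl=peerAuthentication";
        try (Connection c = DriverManager.getConnection(url)) {
            System.out.println("Connected over SSL: " + c.getMetaData().getURL());
        }
    }
}
```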