SSL support in JDBC



I have just verified that the SSL support added into the 7.4 driver is working correctly, even against the new v3 protocol of a 7.4 database.

Here are my notes on how to enable SSL on both the server and JDBC client.

Build SSL support into the postgres server:

	./configure --with-openssl
	make
	make install

Enable SSL in postgresql.conf:

	ssl = true

Add SSL to the pg_hba.conf file:

	hostssl ....

Create a quick self-signed certificate using the following OpenSSL command:

	openssl req -new -text -out server.req

Fill out the information that openssl asks for. The challenge password
can be left blank. The program will generate a key that is passphrase
protected; it will not accept a passphrase that is less than four
characters long. To remove the passphrase (as you must if you want
automatic start-up of the server), run the commands

	openssl rsa -in privkey.pem -out server.key
	rm privkey.pem

Enter the old passphrase to unlock the existing key. Now do

	openssl req -x509 -in server.req -text -key server.key -out server.crt
	chmod og-rwx server.key

to turn the certificate into a self-signed certificate and copy the key
and certificate to the data directory of the server.

Now convert the server.crt to a format Java can import on the client:

	openssl x509 -in server.crt -out server.crt.der -outform der

Now import the cert into the Java keystore:

	keytool -keystore [your java home here]/lib/security/cacerts -alias [any name for the cert you like (i.e. postgres)] -import -file server.crt.der

Enter the password for the cacerts keystore (default is 'changeit').
Say yes to trust this cert.

Restart the database server and you are done.

To use SSL in JDBC add "?ssl" to the connection URL.

I tested the above against both a 7.3 and 7.4 database using the current development sources on Java 1.4.

thanks,
--Barry
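
The following script is an added example, not part of the original post: it checks the files the steps above produce (key loads without a passphrase, key is not group/other accessible, certificate matches the key, DER copy is the same certificate) before the server is restarted. The function names are hypothetical, and the demo files are constructed with a single non-interactive `openssl req` call rather than the interactive sequence in the post.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Build a throwaway (constructed) key, certificate and DER copy in directory $1.
make_demo_files() {
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    chmod og-rwx "$1/server.key" &&
    openssl x509 -in "$1/server.crt" -out "$1/server.crt.der" -outform der
}

# check_pg_ssl_files KEY CRT DER: returns 0 if all checks pass, else 1-4.
check_pg_ssl_files() {
    local key=$1 crt=$2 der=$3 mode kpub cpub fp_pem fp_der

    # 1. The key must load with no passphrase, or the server cannot start unattended.
    openssl pkey -in "$key" -passin pass: -noout 2>/dev/null ||
        { echo "FAIL: $key is passphrase-protected or unreadable"; return 1; }

    # 2. "chmod og-rwx": group and other permission bits must all be clear.
    mode=$(ls -ld "$key" | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "FAIL: $key is accessible to group/other ($mode)"; return 2; }

    # 3. The certificate must carry the public half of this private key.
    kpub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ] ||
        { echo "FAIL: $crt was not issued for $key"; return 3; }

    # 4. The DER file given to keytool must be the same certificate the server presents.
    fp_pem=$(openssl x509 -in "$crt" -noout -fingerprint -sha256 2>/dev/null)
    fp_der=$(openssl x509 -in "$der" -inform der -noout -fingerprint -sha256 2>/dev/null)
    [ -n "$fp_pem" ] && [ "$fp_pem" = "$fp_der" ] ||
        { echo "FAIL: $der differs from $crt"; return 4; }

    echo "OK: $fp_pem"
}

# With three file arguments check those; with none, run on constructed demo files.
if [ "$#" -eq 3 ]; then
    check_pg_ssl_files "$@"
elif [ "$#" -eq 0 ]; then
    demo=$(mktemp -d) && make_demo_files "$demo" &&
        check_pg_ssl_files "$demo/server.key" "$demo/server.crt" "$demo/server.crt.der"
    rm -rf "$demo"
fi
```

The fingerprint printed on success can be compared with the one keytool displays when it asks whether to trust the certificate.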




