Experimental Physics and
Industrial Control System

Hi:

In short, I have no idea, especially not for PostgreSQL since I’m not using that.

But it could require some of the following:

1) Adjust the URL that you use to connect to PostgreSQL, the "jdbc://postgresql://..”, to tell the PostgreSQL client library that you want to use SSL when connecting to the server. Need to read the PostgreSQL manual for details. Maybe that’s all that you need.

2) Maybe need to add certificates to the JVM so that it can connect to the PostgreSQL server. Something like 
$JAVA_HOME/bin/keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -alias MySQLCert -file my_sql_cert.pem.

3) Maybe the plain postgresql*jdbc.jar that we include in CSS is not sufficient for connecting via SSL. In that case, the additional jar files will need to be identified and added.

-Kay


> On Jun 1, 2016, at 5:43 AM, Zumbruch, Peter Dr. <[email protected]> wrote:
> 
> Hi,
> I am using the CSS based RDB Channel Archiver and the PostgreSQL database – not under my control  - requires SSL on, at least the mode “required”.
> When running the ArchiveConfigTool (3.2.15) how/where can I modify it to be “SSL-aware”?
>  
> Otherwise I get this error message:
> $ ArchiveConfigTool -pluginCustomization settings_hades_scs_css_archive.ini -import -engine HadesArchiveEngine -config hadesArchive_css.xml -descriptionHADES_Archiver -replace_engine
> Importing     : hadesArchive_css.xml
> Engine        : HadesArchiveEngine
> Description   : HADES_Archiver
> URL           : http://localhost:4812/main
> Replace engine: true
> Steal channels: false
> 2016-06-01 11:39:57.677 SEVERE [Thread 1] org.csstudio.archive.config.rdb.ArchiveConfigApplication (start) - Exception
> org.postgresql.util.PSQLException: FATAL: client authentication failed
>   Detail: no pool_hba.conf entry for host "140.181.75.165", user "hades_scs_css_archive", database "hades_scs_css_archive", SSL off
>   Hint: see pgpool log for details
>         at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:408)
>         at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:181)
>         at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:64)
>         at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:144)
>         at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:29)
>         at org.postgresql.jdbc3g.AbstractJdbc3gConnection.<init>(AbstractJdbc3gConnection.java:21)
>         at org.postgresql.jdbc4.AbstractJdbc4Connection.<init>(AbstractJdbc4Connection.java:31)
>         at org.postgresql.jdbc4.Jdbc4Connection.<init>(Jdbc4Connection.java:24)
>         at org.postgresql.Driver.makeConnection(Driver.java:410)
>         at org.postgresql.Driver.connect(Driver.java:280)
>         at java.sql.DriverManager.getConnection(DriverManager.java:664)
>         at java.sql.DriverManager.getConnection(DriverManager.java:247)
>         at org.csstudio.platform.utility.rdb.internal.PostgreSQL_RDB.connect(PostgreSQL_RDB.java:44)
>         at org.csstudio.platform.utility.rdb.RDBUtil.<init>(RDBUtil.java:179)
>         at org.csstudio.platform.utility.rdb.RDBUtil.connect(RDBUtil.java:143)
>         at org.csstudio.archive.config.rdb.RDBArchiveConfig.<init>(RDBArchiveConfig.java:80)
>         at org.csstudio.archive.config.rdb.XMLImport.<init>(XMLImport.java:123)
>         at org.csstudio.archive.config.rdb.ArchiveConfigApplication.start(ArchiveConfigApplication.java:207)
>         at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:196)
>         at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:134)
>         at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:104)
>         at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:380)
>         at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:235)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:497)
>         at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:648)
>         at org.eclipse.equinox.launcher.Main.basicRun(Main.java:603)
>         at org.eclipse.equinox.launcher.Main.run(Main.java:1465)
>         at org.eclipse.equinox.launcher.Main.main(Main.java:1438)
>  
> Any help appreciated,
> With best regards,
> Peter
>  
> -- 
> Dr. Peter Zumbruch
> Experiment Electronics / Controls group 
> 
> Phone / Telefon: +49-6159-71-1435 
> Fax: +49-6159-71-2986 
> E-Mail: [email protected]
> 
> GSI Helmholtzzentrum für Schwerionenforschung GmbH
> Planckstraße 1, 64291 Darmstadt, Germany, www.gsi.de
> 
> Commercial Register / Handelsregister: Amtsgericht Darmstadt, HRB 1528
> Managing Directors / Geschäftsführung:
> Ursula Weyrich, Professor Dr. Karlheinz Langanke, Jörg Blaurock
> Chairman of the Supervisory Board / Vorsitzender des GSI-Aufsichtsrats:
> State Secretary / Staatssekretär Dr. Georg Schütte

References:

CSS vs. SSL Zumbruch, Peter Dr.

Navigate by Date:

Prev: RE: PCASpy 0.6 Wang Xiaoqiang (PSI)

Next: Re: calculating macros Andrew Johnson

Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  <2016>  2017  2018  2019  2020  2021  2022  2023  2024 

Navigate by Thread:

Prev: CSS vs. SSL Zumbruch, Peter Dr.

Next: Re: CSS vs. SSL Horton-Smith, Glenn

Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  <2016>  2017  2018  2019  2020  2021  2022  2023  2024