Reputation: 315
We want to connect to the PostgreSQL DB through JDBC using a self-signed certificate. A keystore option is available, but I want to pass the certificate through my JDBC command line. Is there any option available for this?
Upvotes: 0
Views: 13930
Reputation: 31
To connect to a Postgres server that uses a self-signed certificate, set the sslmode to require. The client will not verify the CA cert or hostname, which is a good fit for a self-signed cert. There is no need for a keystore.
jdbc:postgresql://host:port/database?ssl=true&sslmode=require
Laurenz Albe's answer covers how to make the Postgres server verify the client's identity.
To verify the server's CA and its hostname:
jdbc:postgresql://host:port/database?ssl=true&sslmode=verify-full&sslrootcert=/my-path/key.pem
It expects the CA's certificate at /my-path/key.pem.
sslmode=verify-ca will check the CA but not the hostname.
There is more information on the Postgres JDBC Driver website about configuring the client for SSL and about the connection configuration parameters.
Upvotes: 1
Reputation: 247525
According to the documentation, the URL will look somewhat like this:
jdbc:postgresql://host:port/database?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&sslcert=/path/to/cert&sslkey=/path/to/key
This assumes that the client doesn't need to verify the server's certificate, but the server will verify the client's certificate.
Upvotes: 3
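The connection URLs in the two answers differ in what the client actually checks about the server. The following added example (not part of either answer, and not code from the PostgreSQL JDBC driver) audits a JDBC URL and reports whether TLS is required, whether the CA chain and hostname are verified, and whether the server's identity is therefore authenticated. The function name audit_jdbc_url, the result keys, and the handling of modes other than require, verify-ca and verify-full are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs

NON_VALIDATING = "org.postgresql.ssl.NonValidatingFactory"

# sslmode -> (TLS required, CA chain checked, hostname checked).
# require / verify-ca / verify-full are as described in the answers; the other
# rows are an assumption about the driver's remaining modes.
MODES = {
    "disable":     (False, False, False),
    "allow":       (False, False, False),  # plaintext unless the server insists
    "prefer":      (False, False, False),  # TLS if offered, else plaintext
    "require":     (True,  False, False),
    "verify-ca":   (True,  True,  False),
    "verify-full": (True,  True,  True),
}


def audit_jdbc_url(url):
    """Report what the client enforces for a PostgreSQL JDBC URL."""
    if not url.startswith("jdbc:postgresql:"):
        raise ValueError("not a PostgreSQL JDBC URL")
    query = urlsplit(url[len("jdbc:"):]).query
    # Last occurrence wins if a parameter is repeated (choice made for this example).
    params = {k: v[-1] for k, v in parse_qs(query, keep_blank_values=True).items()}

    mode = params.get("sslmode")
    if mode is None:
        # Assumption (pgjdbc 42.2.5+): ssl / ssl=true alone means verify-full,
        # and no SSL parameter at all means prefer.
        mode = "verify-full" if params.get("ssl", "false") in ("", "true") else "prefer"
    if mode not in MODES:
        raise ValueError(f"unknown sslmode: {mode!r}")

    tls_required, verifies_ca, verifies_hostname = MODES[mode]
    if params.get("sslfactory") == NON_VALIDATING:
        verifies_ca = False  # this factory accepts any certificate chain
    return {
        "sslmode": mode,
        "tls_required": tls_required,
        "verifies_ca": verifies_ca,
        "verifies_hostname": verifies_hostname,
        # The server's identity is proven only when chain and name are both checked.
        "server_authenticated": tls_required and verifies_ca and verifies_hostname,
    }
```

Running it over the URLs above shows that only the verify-full form authenticates the server; the require and NonValidatingFactory forms encrypt the session but accept any certificate.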