[pgsql-jp: 37618] Re: JAVAアプリケーションからのSSL接続

岩瀬 肇 iwase-h @ cnt.mxy.nes.nec.co.jp
2006年 10月 24日 (火) 15:21:15 JST


岩瀬です。

PostgreSQLへJAVAアプリケーションからJDBC経由でSSL接続する手順を
まとめましたので、提示します。
途中変な説明がありましたら、ご指摘いただけますと助かります。
あと、ちょっと長いですし、色分けできないので読みにくいかもしれません。
ご了承ください。

-------------------------------- 開始 --------------------------------
ＪＡＶＡアプリケーションからＪＤＢＣ経由でPostgreSQLにＳＳＬ接続する手順

$B;29M#U#R#L!'(B
$B!{(BPostgreSQL security
$B!!(Bhttp://www.hizlab.net/app/pgsec.html#ssl
$B!{(BSSL$B$K$h$k0BA4$J(BTCP/IP$B@\B3(B
$B!!(Bhttp://www.postgresql.jp/document/pg803doc/html/ssl-tcp.html
$B!{(BSSL$B$N;HMQ(B $B%/%i%$%"%s%H$N @ _Dj(B
　http://old.postgresql.jp/wg/jpugdoc/jdbc/jdbc-8.1dev-400/html/ssl-client.html
$B!{(BSSL$B%5%]!<%H(B
$B!!(Bhttp://www.postgresql.jp/document/pg803doc/html/libpq-ssl.html
$B!{(BPostgreSQL$B%a!<%j%s%0%j%9%H(B PostgreSQL $B$H(B JDBC $B$H(B SSL
$B!!(Bhttp://ml.postgresql.jp/pipermail/pgsql-jp/2002-November/011416.html

$BA0Ds>r7o!'(B
$B!!(BLinux$B%5!<%P$K$O0J2<$N%"%W%j%1!<%7%g%s$,F~$C$F$$$k$3$H$,A0Ds$H$J$j$^(B
$B$9!#(B
$B!!(B()$BFb$O(B Fedora Core 3 $B$N4D6-$G$9!#(B
$B!!-!(BOpenSSL(0.9.7a)
$B!!-"(Bgzip(1.3.3)
$B!!-#(Btar(1.14.4)
$B!!-$(Bftp$B%5!<%P(B(vsftpd 2.0.1) $B"(>ZL@=q$N%@%&%s%m!<%I$K;HMQ(B

$B<j=g!'(B
手順１．秘密鍵ファイルおよびサーバ証明書の作成
openssl req -new -keyout 秘密鍵ファイル.pem -text -out サーバ証明書.req 
というコマンドを使います。"-keyout 秘密鍵ファイル.pem" は
省略可能ですが、省略すると、"privkey.pem" という秘密鍵ファイルが
出来ます。

> openssl req -new -text -out cert.req
Using configuration from /usr/share/ssl/openssl.cnf
Generating a 1024 bit RSA private key
................++++++
.++++++
writing new private key to 'certkey.pem'
Enter PEM pass phrase: password$B"+E,Ev$JHkL)80%U%!%$%kMQ%Q%9%o!<%I(B
Verifying password - Enter PEM pass phrase: password$B"+:FF~NO(B
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:company
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:hostname
Email Address []:hogehoge @ hoge.co.jp

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:$B"+L$F~NO$G#O#K(B
An optional company name []:$B"+L$F~NO$G#O#K(B


$B<j=g#2!%>ZL@=q$N<+8J=pL>(B
$B<!$K!"$3$N>ZL@=q$K<+8J=pL>$r$7$^$9!#$3$l$K$b$d$O$j(B openssl $B%3%^%s%I$r(B
$B;H$$$^$9!#<B:]$O!"(Bopenssl req -x509 -in $B%5!<%P>ZL@=q(B.req -text -key 
$BHkL)80%U%!%$%k(B.pem -out $B=pL>:Q$_>ZL@=q(B.crt $B$H$$$&46$8$K$J$j$^$9!#(B
$B%Q%9%o!<%I$rJ9$+$l$k$N$G!"@h$[$I$NHkL)80%U%!%$%k$N%Q%9%o!<%I$rF~NO$7(B
$B$F$/$@$5$$!#(B
> openssl req -x509 -in cert.req -text -key privkey.pem -out server.crt
Using configuration from /usr/share/ssl/openssl.cnf
Enter PEM pass phrase:password$B"+<j=g#1$GF~NO$7$?HkL)80%U%!%$%kMQ%Q%9%o!<%I(B
$B$3$l$G<+8J=pL>$N$5$l$?%5!<%P>ZL@=q$,$G$-$"$,$j$^$7$?!#(B


手順３．秘密鍵からのパスワードの削除
PostgreSQLで SSL を使うには、この署名済みのサーバ証明書と、先ほどの
秘密鍵ファイルの二つのファイルが必要です。しかしこのままだと、
PostgreSQLの起動時に、秘密鍵ファイルのパスワードを聞いてきてしまい、
自動で起動しなくなってしまいます。これを避けるために、秘密鍵ファイル
からパスワードを削除してしまいます。
削除するには、openssl rsa -in 秘密鍵ファイル.pem -out パスワード無し
秘密鍵ファイル.pem とします。このときにもやはり、秘密鍵ファイルの
パスワードを聞いてきます。
なお、パスワードを削除した秘密鍵ファイルは暗号化されていない状態になるため、
手順６の chmod のように所有者以外が読めない権限にしておく必要があります。
> openssl rsa -in privkey.pem -out server.key
read RSA key
Enter PEM pass phrase:password$B"+<j=g#1$GF~NO$7$?HkL)80%U%!%$%kMQ%Q%9%o!<%I(B
writing RSA key

$B"($A$J$_$K!"%Q%9%o!<%IL5$7HkL)80%U%!%$%k$K%Q%9%o!<%I$rIU$1$k$K$O!"(B
openssl rsa -des3 -in $B%Q%9%o!<%IL5$7HkL)80%U%!%$%k(B.pem -out $B%Q%9%o!<(B
$B%IIU$-HkL)80%U%!%$%k(B.pem $B$H<B9T$9$k$H!"?7$?$KIU$1$k%Q%9%o!<%I$rJ9$$$F(B
$B$-$^$9!#(B

$B$3$3$^$G$G!"%Q%9%o!<%IL5$7HkL)80%U%!%$%k!J(Bserver.key)$B$H%5!<%P>ZL@=q(B(server.crt)$B$,:n @ .$5$l$^$7$?!#(B


手順４．SSL機能を有効にして、PostgreSQLをコンパイル
PostgreSQLでSSL を使えるようにするには、SSL が利用できるように
コンパイルされていないといけません。コンパイルの configure を実行すると
きに、--with-openssl オプションを付ける必要があります。

> gzip -d postgresql-8.0.3.tar.gz
> tar xvf postgresql-8.0.3.tar
> cd postgresql-8.0.3
> mkdir /usr/local/pgsql/　←インストール先ディレクトリの作成
> mkdir /usr/local/pgsql/data　←データディレクトリの作成
> chown -R postgres:postgres /usr/local/pgsql ←オーナーを変更します
> ./configure --with-openssl ←SSL機能を有効にします
> make check
> make install

$B<j=g#5!%(BPostgreSQL$B$N=i4|2=(B
$B%G!<%?%G%#%l%/%H%j$N=i4|2=$r9T$$$^$9!#$3$l$r9T$&$3$H$G!"%G!<%?%G%#%l(B
$B%/%H%jG[2<$K @ _Dj%U%!%$%kEy$,:n @ .$5$l$^$9!#(B
> initdb -E EUC_JP -D /usr/local/pgsql/data


$B<j=g#6!%(BPostgreSQL$B$XHkL)80%U%!%$%k$H%5!<%P>ZL@=q$r @ _Dj(B
PostgreSQL$B$G$O(BSSL$B%b!<%I$G5/F0$9$k$H$-$K!"%G!<%?%G%#%l%/%H%jG[2<$N(B
server.key$B%U%!%$%k$H(Bserver.crt$B%U%!%$%k$rC5$7!"$3$N%-!<$H>ZL@=q$r(B
$BMxMQ$7$^$9!#(B
> cp ../server.* /usr/local/pgsql/data
> chmod 400 /usr/local/pgsql/data/server.*


$B<j=g#7!%(BPostgreSQL$B$K$F(BSSL$B@\B3$r$G$-$k$h$&(Bpostgresql.conf$B$rJT=8(B
SSL$B%b!<%I$G5/F0$9$k$h$&$K(BPostgreSQL$B$N @ _Dj%U%!%$%k$rJT=8$7$^$9!#(B
> emacs -nw /usr/local/pgsql/data/postgresql.conf
$B0J2<$N$h$&$KJT=8$7$^$9!#(B
#ssl = false
$B"-"-"-"-"-"-(B
ssl = true


手順８．クライアントから接続できるようpg_hba.confを編集
クライアントからSSLのみで接続できるようにpg_hba.confファイルを編集します。
※pg_hba.confの詳しい設定は以下のURLを参照してください。
http://www.postgresql.jp/document/pg803doc/html/client-authentication.html#AUTH-PG-HBA-CONF
> emacs -nw /usr/local/pgsql/data/pg_hba.conf
以下のように編集
host		all	all	127.0.0.1/32	trust
↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓
hostssl		all	all	0.0.0.0/0	md5←hostsslを指定します
※0.0.0.0/0 はすべての接続元アドレスを対象にする指定です。接続元が決まっている場合は、そのアドレス範囲に絞ってください。
 
$B<j=g#9!%(BPostgreSQL$B$r5/F0(B
SSL$B$r;HMQ$7$F!"(BPostgreSQL$B$r5/F0$9$k>l9g$K$O(Bpostmaster$B$K(B -l $B%*%W%7%g%s(B
$B$r;XDj$7$F5/F0$9$kI,MW$,$"$j$^$9!#(Bpg_ctl$B$N(B -o $B%*%W%7%g%sFb$G;XDj$9$k(B
postmaster$B$N%*%W%7%g%s$K(B -l $B$rDI2C$7$F$/$@$5$$!#(B
$B"((Bpg_ctl$B$*$h$S(Bpostmaster$B$N>\$7$$@_Dj$O0J2<$N(BURL$B$r;2>H$7$F$/$@$5$$!#(B
$B!!(Bpg_ctl$B!'(B
$B!!!!(Bhttp://www.postgresql.jp/document/pg803doc/html/app-pg-ctl.html
$B!!(Bpostmaster$B!'(B
$B!!!!(Bhttp://www.postgresql.jp/document/pg803doc/html/app-postmaster.html
> /usr/local/pgsql_ssl/bin/pg_ctl -o "-i -S -l -p 5432"
 -D /usr/local/pgsql_ssl/data$B"+K\Mh$O#19T$GF~NO$7$^$9(B


手順１０．psqlにて接続確認を行うユーザのホームに秘密鍵と証明書をコピー
ここでひとまず、SSLでの接続ができるかローカル環境での接続確認を
行います。
psql接続確認を行うにはユーザのホームディレクトリにある
~/.postgresql/postgresql.crtファイルに格納された証明書を送信します。
また、一致する~/.postgresql/postgresql.key秘密キーファイルも存在しな
ければならず、更に誰にでも読み取りできるような権限を付与してはなりま
せん。 (Microsoft Windowsでは、このファイルの名前はそれぞれ
%APPDATA%\postgresql\postgresql.crtと%APPDATA%\postgresql\postgresql.key
です。)
※以下のコマンドでは、サーバの秘密鍵と証明書をそのままクライアント用としてコピーしています。
　サーバの秘密鍵のコピーが増えることになるので、接続確認が終わったら削除するか、
　クライアント専用の鍵と証明書を用意してください。
> cd
> mkdir .postgresql
> cp /usr/local/pgsql/data/server.crt /home/postgres/.postgresql/postgresql.crt
> cp /usr/local/pgsql/data/server.key /home/postgres/.postgresql/postgresql.key


$B<j=g#1#1!%(Bpsql$B$K$F(BSSL$B@\B3$G$-$k$+3NG'(B
$B>e5-<j=g#1#0$r9T$C$?8e!"(Bpsql$B$K$F@\B33NG'$r9T$$$^$9!#(B
$B$3$3$G!"I,$:(B -h $B%*%W%7%g%s$r;XDj$7$F$/$@$5$$!#(B-h $B%*%W%7%g%s$r;XDj$;(B
$B$:$K@\B3$r9T$C$?>l9g!"(BUnix $B%I%a%$%s%=%1%C%H7PM3$N@\B3$K$J$j!"(BTCP/IP
$B7PM3$N(BSSL$B$r;H$C$?@\B3$H$O0[$J$j$^$9!#(B
$B$^$?!":#2s$N%$%s%9%H!<%k0J30$K(BSSL$B5!G=$rM-8z$K$7$F$$$J$$(BPostgreSQL$B$,(B
$B%$%s%9%H!<%k$5$l$F$$$k>l9g!"$=$N(Bpsql$B$rMxMQ$7$F$N@\B3$O9T$($J$$2DG=@-(B
$B$,$"$j$^$9$N$G!"$4Cm0U$/$@$5$$!#(B
> /usr/local/pgsql/bin/psql -h 127.0.0.1 -p 5432 template1
Welcome to psql 8.0.3, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit

SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)$B"+$3$N%a%C%;!<%8$,=PNO$5$l$l$P(BSSL$B$G$N@\B3$,=PMh$F$$$k$3$H$,3NG'$G$-$^$9(B

template1 #


$B<j=g#1#2!%%5!<%P>ZL@=q$r(BJAVA$B$,M}2r$G$-$k7A$KJQ49!#(B
$B%5!<%P>ZL@$r(BJava$B$+$iMxMQ$G$-$k$h$&$K$9$k$K$O!"$^$:(BJava$B$,M}2r$G$-$k(B
$B7A<0$KJQ49$7$^$9!#(B
> openssl x509 -in server.crt -out server.crt.der -outform der

$B0J>e$G!"%5!<%PB&$N @ _Dj$O$[$\=*N;$G$9!#0J2<!"%/%i%$%"%s%HB&$N @ _Dj$r9T$$$^$9!#(B


$B<j=g#1#3!%(BFTP$B$K$FJQ49$7$?>ZL@=q(B(server.crt.der)$B$r%/%i%$%"%s%H$X%@%&%s%m!<%I!#(B


手順１４．Javaのシステムトラストストアに証明書をインポート。
証明書をJREに取り込みます。
※下記で「$JAVA_HOME」はJDKがインストールされている場合は$JAVA_HOME/jre
になりますので、ご注意ください。
> keytool -keystore $JAVA_HOME/lib/security/cacerts -alias postgresql -import -file server.crt.der
キーストアのパスワードを入力してください:  changeit←cacertsの初期パスワードの changeit を入力します（変更済みの場合は変更後のパスワード）
所有者: EMAILADDRESS=hogehoge @ hoge.co.jp, CN=hostname, O=company, ST=Tokyo, C=JP

実行者: EMAILADDRESS=hogehoge @ hoge.co.jp, CN=hostname, O=company, ST=Tokyo, C=JP

シリアル番号: 0
有効日: Fri Oct 13 13:34:13 JST 2006 有効期限: Sun Nov 12 13:34:13 JST 2006
証明書のフィンガープリント:
         MD5:  XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
         SHA1: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
この証明書を信頼しますか? [no]:  yes←FTPでの転送は改ざんを検出できないので、上のフィンガープリントがサーバ側の server.crt のものと一致することを確認してから yes と入力します
証明書がキーストアに追加されました。

手順１５．クライアント認証用鍵生成
上記手順１４までで、サーバ証明書の確認と、パスワードだけのクライアント認証
で接続はできます。ただ、証明書によるクライアント認証を行うためにはこの後の設定も
必要になります。
クライアント認証にはクライアントのキーストアをサーバの鍵とは別に作成
し、その証明書をサーバのデータディレクトリにroot.crtというファイル名
で置きます。
まずはクライアント認証用の秘密鍵を作成します。
> keytool -genkey -alias postgresql -keystore client.keystore
$B%-!<%9%H%"$N%Q%9%o!<%I$rF~NO$7$F$/$@$5$$(B:  password$B"+E,Ev$J%Q%9%o!<%I(B
$B @ +L>$rF~NO$7$F$/$@$5$$!#(B
  [Unknown]:  .
$BAH?%C10LL>$rF~NO$7$F$/$@$5$$!#(B
  [Unknown]:  .
$BAH?%L>$rF~NO$7$F$/$@$5$$!#(B
  [Unknown]:  company
$BET;TL>$^$?$OCO0hL>$rF~NO$7$F$/$@$5$$!#(B
  [Unknown]:  Tokyo
$B=#L>$^$?$OCOJ}L>$rF~NO$7$F$/$@$5$$!#(B
  [Unknown]:  .
$B$3$NC10L$K3:Ev$9$k(B 2 $BJ8;z$N9qHV9f$rF~NO$7$F$/$@$5$$!#(B
  [Unknown]:  JP
CN=., OU=., O=company, L=Tokyo, ST=., C=JP $B$G$h$m$7$$$G$9$+(B?
  [no]:  yes

<postgresql> $B$N80%Q%9%o!<%I$rF~NO$7$F$/$@$5$$!#(B
($B%-!<%9%H%"$N%Q%9%o!<%I$HF1$8>l9g$O(B RETURN $B$r2!$7$F$/$@$5$$(B):password
$B!!!!!!!!!!!!!!:G=i$KF~NO$7$?%-!<%9%H%"$N%Q%9%o!<%I$HF1$8$K$7$^$9",(B


$B<j=g#1#6!%%/%i%$%"%s%HG'>ZMQ80$N>ZL@=q$r:n @ .(B
$B%/%i%$%"%s%HG'>ZMQ$N>ZL@=q$r:n @ .$7$^$9!#0J2<$N%3%^%s%I$K$F<j=g#1#5$G:n @ .$7$?80$r4^$`>ZL@=q$r%U%!%$%k$K=q$-=P$7$^$9!#(B
> keytool -export -rfc -alias postgresql -file root.crt -keystore client.keystore
$B%-!<%9%H%"$N%Q%9%o!<%I$rF~NO$7$F$/$@$5$$(B:  password
$B>ZL@=q$,%U%!%$%k(B <root.crt> $B$KJ]B8$5$l$^$7$?!#(B


$B<j=g#1#7!%%/%i%$%"%s%H>ZL@=q$r%5!<%P$K @ _CV(B
$B<j=g#1#6$K$F:n @ .$7$?%/%i%$%"%s%H>ZL@=q(B(root.crt)$B$r%5!<%P$N%G!<%?%G%#%l%/%H%jG[2<$K @ _CV$7$^$9!#(B
$B#F#T#P$GE>Aw8e!"(B/usr/local/pgsql/data$BG[2<$K @ _CV$7$^$9!#(B


$B<j=g#1#8!%%=!<%9%U%!%$%k$N=$@5(B
まず、JDBC ドライバを利用する際に指定するドライバＵＲＬにて、SSL 通信を利用するプロパティを追加します。

<$BDI2C%W%m%Q%F%#(B>
ssl=true

$B%3!<%INc!'(B
============================================================
String url =
"jdbc:postgresql://localhost/test?user=fred&password=secret&ssl=true";
Connection conn = DriverManager.getConnection(url);
============================================================

$B>\$7$/$O!"(BPostgresql $B$N(BJDBC$B%I%i%$%P%I%-%e%a%s%H$r;2>H$/$@$5$$!#(B
[Connection Parameters]
http://old.postgresql.jp/wg/jpugdoc/jdbc/jdbc-8.1dev-400/html/connect.html


$B<j=g#1#9!%<B9T%Q%i%a!<%?$N @ _Dj(B
JAVA$B%"%W%j%1!<%7%g%s5/F0;~$N%Q%i%a!<%?$G%/%i%$%"%s%H$N%-!<%9%H%"$H%Q%9%o!<%I$r;XDj$7$^$9!#(B

-Djavax.net.ssl.keyStore=client.keystore
-Djavax.net.ssl.keyStorePassword=password$B"+<j=g#1#5$GF~NO$7$?%Q%9%o!<%I(B


$B0J>e!#(B

-------------------------------- $B=*N;(B --------------------------------

> $B4d@%$G$9!#(B
> 
> $B7k2L$+$i8@$$$^$9!#(B
> $B$*$3$a$5$^$K$465<(D:$$$?$d$jJ}$G$&$^$/F0$-$^$7$?!*(B
> $B$"$j$,$H$&$4$6$$$^$9!#(B
> 
> $B8e$[$I@\B3$K;j$k$^$G$N<j=g$r$3$A$i$KDs<($5$;$FD:$3$&$H(B
> $B;W$$$^$9!#(B
> $B$*$3$a$5$^!"BgJQ=u$+$j$^$7$?!#$"$j$,$H$&$4$6$$$^$7$?!*!*(B
> 
> 
> > $B$*$3$a$G$9!#(B
> > 
> > $B4d@%!!H%(B wrote:
> > > $B4d@%$G$9!#(B
> > > 
> > > $B$*$3$aMM!"%3%a%s%H$"$j$,$H$&$4$6$$$^$9!#(B
> > > $B7kO@$+$i8@$&$H!"$^$@$&$^$/$G$-$F$$$^$;$s!#(B
> > > 
> >  > $B0l$DJ,$+$C$?$3$H$O!"%5!<%P$N(Bdata$B%U%)%k%@G[2<$KCV$$$F$"$k!"(B
> > > server.crt$B$HF1$8(Broot.crt$B%U%!%$%k$r>C$7$?>l9g!"(B
> > > $B@\B3$G$-$k$h$&$K$J$j$^$7$?!#(B
> > > $B$?$@!"K\Ev$K#S#S#L@\B3$G$-$F$$$k$N$+!)$^$G$O$^$@3NG'$G$-$F$$$^$;$s!#(B
> > > $B0J2<$N%^%K%e%"%k$r3NG'$9$k$H!"(B
> > > http://www.postgresql.jp/document/pg803doc/html/ssl-tcp.html
> > > root.crt$B$,L5$$>l9g!"%/%i%$%"%s%H$NG'>Z$O9T$o$J$$$H=q$$$F$"$k(B
> > > $B$N$G!"%/%i%$%"%s%H$N>ZL@=q$,2?$i$+$NM}M3$GG'>Z$G$-$F$$$J$$$h$&$@$H(B
> > > $B$$$&$H$3$m$^$G$O$o$+$j$^$7$?!#(B
> > > 
> > > $B @ 5D>9T$-5M$^$C$F$$$^$9!#:,K\E*$K(BOpenSSL$B$N=hM}$,J,$+$C$F$$$J$$$N$b(B
> > > $BLdBj$@$H46$8$F$*$j!"(BOpenSSL$B$K$D$$$F$bD4::$,I,MW$J$N$+$H$b9M$($F$$$^$9!#(B
> > > 
> > > $B$9$$$^$;$s!"2?$+B>$K%"%I%P%$%9$,$"$l$P$*4j$$CW$7$^$9!#(B
> > 
> > $B%5!<%P$N>ZL@=q$@$18+$F%/%i%$%"%s%H$O%Q%9%o!<%I$@$1$NG'>Z$G@\B3$7$F$$$^$7$?!#(B
> > $B%/%i%$%"%s%HG'>Z$K$D$$$F$OJL$N @ _Dj$bI,MW$K$J$k$N$GD4$Y$F$_$^$7$?!#(B
> > 
> > $B%/%i%$%"%s%H$NG'>Z$O%/%i%$%"%s%H$N(B keystore $B$r%5!<%P$N80$H$OJL$K:n @ .$7(B
> > $B$F!"$=$N>ZL@=q$r%5!<%P$N(B root.crt $B$KCV$-$^$9!#(B
> > 
> > $B"#80 @ 8@.(B
> > keytool -genkey -alias client1 -keystore client.keystore
> > $B$J$I$J$I!#(B
> > $B%-!<%9%H%"$H80$N%Q%9%o!<%I$OF1$8$K$7$F$*$-$^$9!#(B
> > $B%Q%9%o!<%I0J30$O$H$j$"$($:2?$G$b$$$$$H;W$$$^$9!#(B
> > 
> > $B"#>ZL@=q:n @ .(B
> > $B80$N>ZL@=q$r%U%!%$%k$K=q$-=P$7$^$9!#(B
> > 
> > keytool -export -rfc -alias client1 -file root.crt -keystore client.keystore
> > 
> > $BJL$N80$G=pL>$7$F$b$+$^$$$^$;$s$7!"%/%i%$%"%s%H$,(B1$B$D$G$"$l$P!"(B
> > $B=q$-=P$7$?%U%!%$%k$r$=$N$^$^%5!<%P$N(B root.crt $B$KCV$-$^$9!#(B
> > 
> > $B"#<B9T%Q%i%a!<%?(B
> > java $B$N%Q%i%a!<%?$G%/%i%$%"%s%H$N(Bkeystore$B$H%Q%9%o!<%I$r;XDj$7$^$9!#(B
> > 
> > -Djavax.net.ssl.keyStore=client.keystore
> > -Djavax.net.ssl.keyStorePassword=keystorepassword
> > 
> > $B%5!<%P$N>ZL@=q$r(Bcacerts$B0J30$KF~$l$F$$$k>l9g$O(B
> > 
> > -Djavax.net.ssl.trustStore=cert.keystore
> > -Djavax.net.ssl.trustStorePassword=certpassword
> > 
> > $B$G%5!<%P>ZL@=q$NF~$C$F$$$k(B keystore$B%U%!%$%k$H(Bkeystore$B$N%Q%9%o!<%I$b;XDj(B
> > $B$7$^$9!#(B
> > 
> > $B%5!<%P$N>ZL@=q$@$1$r;XDj$7$F%/%i%$%"%s%H$N80$r;XDj$7$F$J$+$C$?$N$G@\B3$G(B
> > $B$-$J$+$C$?$N$G$7$g$&$M!#(B
> > $B$3$l$G%/%i%$%"%s%HG'>Z$b$G$-$^$7$?$,!"$I$&$G$7$g$&$+(B?
> > 
> > -- 
> > $B:4F#(B $B2m=S(B ($B$*$3$a(B)
> > okome @ siisise.net okome @ mozilla.gr.jp
> > http://siisise.net/
> 
> -- 
> $B4d@%!!H%(B <iwase-h @ cnt.mxy.nes.nec.co.jp>

-- 
$B4d@%!!H%(B <iwase-h @ cnt.mxy.nes.nec.co.jp>



