I can't connect to my heroku app's postgres database - SSL errors

Answered

I was able to use 0xDBE to connect to a local Postgres server that I use for testing my Rails app, but I can't seem to get it to connect to the production version's Heroku database - it gives me an error about how it was unable to find the certificate. I can connect fine in psql on the command line using the sslmode=require flag, so I initially turned on Use SSL in 0xDBE without specifying any certificates. Trying to connect like that gives me the certificate error, though. Presumably it wants a certificate, but I have no idea what it wants or how to get it. I don't use a client cert to connect, so I suppose it wants the server cert's public key? Or the signing certificate for the server's certificate? I'm not sure how to go about finding what certificate the server is using or getting a copy of the signing certificate for that, though.

Here's what I'm getting:

java.sql.SQLException: SSL error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: java.lang.RuntimeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: java.lang.RuntimeException: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

4 comments
Comment actions Permalink

If your heroku certificates are not set up you can attach to the url string a following parameter:
&sslfactory=org.postgresql.ssl.NonValidatingFactory


string example: jdbc:postgres..... /dbName?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory

Make sure you have a corrent driver installed. If I am not wrong with this option the target server will be used as trusted despite not checking in the certificate store.

2
Comment actions Permalink

I just tried 0xDBE again with the latest version. I was able to get it to connect by adding the ?sslmode=require to the connection string manually.

1
Comment actions Permalink

I have the same problem except my error is
  Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Googling around I found that it might be an issue with my keystore as
  keytool -list
failed, complaining that ~/.keystore was missing.  So I copied it from the JDK location:
  cp /Library/Java/JavaVirtualMachines/jdk1.7.0_55.jdk/Contents/Home/jre/lib/security/cacerts ~/.keystore
ran that command again (password is "changeit") to confirm that everything was working.

Didn't help out with my postgres connection.  It is odd that the command line psql tool works as well as pgAdmin.

0
Comment actions Permalink

@Matej Ugrin answer worked for me :D Thanks! 2 years later lol

0

Please sign in to leave a comment.