Skip to content
Permalink
Browse files

fix documentation on generating the pk8 key. closes: #1585 (#1586)

* fix documentation on generating the pk8 key. closes: #1585

* more help on key types and such
  • Loading branch information
magwas authored and davecramer committed Oct 23, 2019
1 parent 69edc0b commit 635cc86562aebc223dcc0d163639c5039a6b54c0
Showing with 8 additions and 2 deletions.
  1. +8 −2 docs/documentation/head/connect.md
@@ -93,6 +93,8 @@ Connection conn = DriverManager.getConnection(url);
of it specifies a SSL connection. However, for compatibility with future
versions, the value "true" is preferred. For more information see [Chapter
4, *Using SSL*](ssl.html).

Setting up the certificates and keys for ssl connection can be tricky see [The test documentation](https://github.com/pgjdbc/pgjdbc/blob/master/certdir/README.md) for detailed examples.

* **sslfactory** = String

@@ -120,20 +122,24 @@ Connection conn = DriverManager.getConnection(url);

Provide the full path for the certificate file. Defaults to /defaultdir/postgresql.crt

It can be a PEM encoded X509v3 certificate

*Note:* defaultdir is ${user.home}/.postgresql/ in *nix systems and %appdata%/postgresql/ on windows
* **sslkey** = String

Provide the full path for the key file. Defaults to /defaultdir/postgresql.pk8.

*Note:* The key file **must** be in [DER format](https://wiki.openssl.org/index.php/DER). A PEM key can be converted to DER format using the openssl command:
*Note:* The key file **must** be in [PKCS-8](https://en.wikipedia.org/wiki/PKCS_8) [DER format](https://wiki.openssl.org/index.php/DER). A PEM key can be converted to DER format using the openssl command:

`openssl pkcs8 -topk8 -inform PEM -in my.key -outform DER -out my.key.der`
`openssl pkcs8 -topk8 -inform PEM -in my.key -outform DER -out my.key.der -v1 PBE-MD5-DES`

* **sslrootcert** = String

File name of the SSL root certificate. Defaults to defaultdir/root.crt

It can be a PEM encoded X509v3 certificate

* **sslhostnameverifier** = String

Class name of hostname verifier. Defaults to using `org.postgresql.ssl.PGjdbcHostnameVerifier`

0 comments on commit 635cc86

Please sign in to comment.
You can’t perform that action at this time.