Exception is thrown while making connection to Postgres using SSL.

Caused by: javax.net.ssl.SSLException: Received fatal alert: unexpected_message at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2020) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1127) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:41) ... 57 common frames omitted

CodePudding user response：

Try changing the connection's driver settings to include the 'sslmode' parameter and setting it to 'require'.

You may also need to add a 'sslrootcert' parameter, setting it to the full file path of the root CA certificate on your local machine.

For a SpringBoot connection, this usually means specifying these as in-line with the database URI wherever you have it (in application.properties, etc.), i.e. appending the above to the connection URI as such:

jdbc:postgresql://<host>:<port>/<dbname>?ssl=true&sslmode=require&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory

CodePudding user response：

I was able to fix my problem. We need to convert sslkey to .pk8 format properly.

Connection string:

jdbc:postgresql://<host>:<port>/<db>?currentSchema=public&ssl=true&sslmode=verify-full&sslcert=<path>/server.crt&sslkey=<path>/server.pk8&sslrootcert=<path>/ca.crt

Where <path> refers to certs location.