Issue with connecting to PostgreSQL database by SSL certificate and key #259

New issue

Open

opened 2026-03-04 09:38:00 -05:00 by deekerman · 0 comments

deekerman commented

2026-03-04 09:38:00 -05:00

Owner

Originally created by @ihor-lysukha on GitHub (Mar 22, 2022).

My GCP PostgreSQL instance requires SSL for the connection. When I define sslmode, sslcert, sslkey and sslrootcert in DRIVER PROPERTIES I got the following error:

Error connecting to database:
Connection failed:
Could not read SSL key file /opt/cloudbeaver/ssl/client/key/client-cert.key.
java.io.IOException: extra data given to DerValue constructor
	at java.base/sun.security.util.DerValue.init(DerValue.java:409)
	at java.base/sun.security.util.DerValue.<init>(DerValue.java:294)
	at java.base/sun.security.util.DerValue.<init>(DerValue.java:305)
	at java.base/javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:87)
	at org.postgresql.ssl.LazyKeyManager.getPrivateKey(LazyKeyManager.java:236)
	at java.base/sun.security.ssl.AbstractKeyManagerWrapper.getPrivateKey(SSLContextImpl.java:1765)
	at java.base/sun.security.ssl.X509Authentication$X509PossessionGenerator.createClientPossession(X509Authentication.java:251)
	at java.base/sun.security.ssl.X509Authentication$X509PossessionGenerator.createPossession(X509Authentication.java:206)
	at java.base/sun.security.ssl.X509Authentication.createPossession(X509Authentication.java:90)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.choosePossession(CertificateMessage.java:1081)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:1102)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:958)
	at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436)
	at java.base/sun.security.ssl.Finished$T13FinishedConsumer.onConsumeFinished(Finished.java:1011)
	at java.base/sun.security.ssl.Finished$T13FinishedConsumer.consume(Finished.java:874)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1426)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1336)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421)
	at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:41)
	at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:571)
	at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:168)
	at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:235)
	at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
	at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:223)
	at org.postgresql.Driver.makeConnection(Driver.java:400)
	at org.postgresql.Driver.access$100(Driver.java:60)
	at org.postgresql.Driver$ConnectThread.run(Driver.java:310)
	at java.base/java.lang.Thread.run(Thread.java:829)

Certificates and the key are provided in PEM format, access permission of the file with the key was set in 0600 (read-write only for the owner).
Could you please clarify what should I configure additionally to establish a working connection to the PostgreSQL database instance?

Originally created by @ihor-lysukha on GitHub (Mar 22, 2022). My GCP PostgreSQL instance requires SSL for the connection. When I define **sslmode**, **sslcert**, **sslkey** and **sslrootcert** in DRIVER PROPERTIES I got the following error: ``` Error connecting to database: Connection failed: Could not read SSL key file /opt/cloudbeaver/ssl/client/key/client-cert.key. java.io.IOException: extra data given to DerValue constructor at java.base/sun.security.util.DerValue.init(DerValue.java:409) at java.base/sun.security.util.DerValue.<init>(DerValue.java:294) at java.base/sun.security.util.DerValue.<init>(DerValue.java:305) at java.base/javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:87) at org.postgresql.ssl.LazyKeyManager.getPrivateKey(LazyKeyManager.java:236) at java.base/sun.security.ssl.AbstractKeyManagerWrapper.getPrivateKey(SSLContextImpl.java:1765) at java.base/sun.security.ssl.X509Authentication$X509PossessionGenerator.createClientPossession(X509Authentication.java:251) at java.base/sun.security.ssl.X509Authentication$X509PossessionGenerator.createPossession(X509Authentication.java:206) at java.base/sun.security.ssl.X509Authentication.createPossession(X509Authentication.java:90) at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.choosePossession(CertificateMessage.java:1081) at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:1102) at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:958) at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436) at java.base/sun.security.ssl.Finished$T13FinishedConsumer.onConsumeFinished(Finished.java:1011) at java.base/sun.security.ssl.Finished$T13FinishedConsumer.consume(Finished.java:874) at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1426) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1336) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421) at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:41) at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:571) at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:168) at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:235) at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49) at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:223) at org.postgresql.Driver.makeConnection(Driver.java:400) at org.postgresql.Driver.access$100(Driver.java:60) at org.postgresql.Driver$ConnectThread.run(Driver.java:310) at java.base/java.lang.Thread.run(Thread.java:829) ``` Certificates and the key are provided in PEM format, access permission of the file with the key was set in 0600 (read-write only for the owner). Could you please clarify what should I configure additionally to establish a working connection to the PostgreSQL database instance?

Rows
Columns