Open michalhorcicko-ext43719 opened 6 months ago
@saragluna could you please take a look?
Hi @michalhorcicko-ext43719 Thank you for reporting this issue. We have received your submission and will take a look. Could you help provide a minimal project to reproduce? Please feel free to provide any additional information or context that you think may be helpful. We'll keep you updated on the progress of our review.
Hello @Netyyyy, here is the minimal example project: https://github.com/michalhorcicko-ext43719/postgresql-passwordless-with-cert-verification
Hi @Netyyyy, is there any update? Were there some problems with running the provided example?
Sorry, but we will update here if we have.
Also seeing similar issues. Would be nice if some general guidelines could be developed so that it's easier to figure these out on our own.
Hi @michalhorcicko-ext43719, sorry for the late response.
You should configure the property below:

    spring:
      datasource:
        azure:
          credential:
            client-id: the-client-id-of-the-user-managed-identity
            managed-identity-enabled: true

I checked the source code, and it seems the mode verify-full is not supported. I am reproducing this exception scenario, but I am blocked by the invalid cert exception:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Could you provide more detailed steps to generate a valid cert postgresql.crt and configure it in the Dockerfile?
And could you double confirm the use of non-cert verification, which means using sslmode=require?
Describe the bug Hello, we are trying to connect to Flexi Postgresql using a passwordless method. Our Dockerfile is based on UBI9 base image, which causes the following error when connecting. There are two possible solutions: Reenable the disabled SHA1 algorithm inside the Docker image. Or you can verify server certificate as described in the provided link. But the problem is that the passwordless method in combination with server certificate verification (sslmode=verify-full) does not work and fails with the provided exception. When we reenable the SHA1 and use sslmode=require, the passwordless method works. But this is not enough for our security requirements.
Exception or Stack Trace
To Reproduce Steps to reproduce the behavior:
Code Snippet
Expected behavior Passwordless connection works even with server certificate verification enabled.
Setup (please complete the following information):
Additional context This may or may not be a duplication of 38631.