I’m new to CloverETL, and I’m trying to connect to the db for the first time.
I need ssl to be on. I tried using the following connection string in the URL secrion of the DB connection:
jdbc:postgresql://localhost:port/db?&ssl=true
But I received the following error message
“Can’t connect to DB: SSL error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”
I also tried to set the parameter ssl to true on the advanced section., but then it didn’t recognized the ssl parameter:
“Can’t connect to DB: FATAL: no pg_hba.conf entry for host “10.30.0.85”, user “dbuser”, database “db”, SSL off”
You need to provide Clover with certificate of the DB Server. You can import such certificate into your own truststore and tell Clover to use that one. In order to do so you need to put the following arguments into graph run configuration (Run -> Run Configuration -> Arguments tab → VM arguments text-area):
Is this mandatory? I’m using a cloud based db and having problems getting it’s certificate.
After setting the following connection variables (jdbc.ssl=true, jdbc.sslfactory=org.postgresql.ssl.NonValidatingFactory) - I recieve a “Connection valid” info message when I validate the connection.
However when I try to use the connection in order to extract METADATA or in order to connect to a DBOutputTable, I get the following error: “Can’t connect to DB:FATAL: no pg_hba.cong entry for host <host_ip>” , user “<user_name>, database <db_name>, SSL off”.
Why is SSL off when I try to use the connection? In the advanced variables for the connection it is set to ssl=true and the validation works.
you might use NonValidatingFactory in this case (Using SSL). The thing is that you wrote the properties with “jdbc.” prefix as there is supposed to be used just “ssl” and “sslfactory”. That is also why you see “SSL off” in the message. You can also paste these parameters into the URL.
JDBC properties is not the right place for setting path to your trust store. As my colleague Jan mentioned, trust store should be set via run configuration and it is valid for the whole JVM. (Run → Run Configuration → Arguments tab → VM arguments) Or in case of CloverETL Server, it should be set in setenv script.
You are setting path to a certificate instead of path to trust store. And you also need to set a password to it. See the following page to see the difference between certificate and key store.
If ssl and sslfactory in “Custom JDBC properties” properties did not work, move them into your JDBC URL as parameters.
Thanks! Setting the URL with the parameters worked:
connection URL: jdbc:postgresql://localhost:port/db?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
