This is using the latest Glassfish (4.1), the latest Postgres Driver (9.3-1102 JDBC 41) against Postgres 9.4, and the latest Java (1.8.0_31-b13).
This is also using a commercial CA certificate, I have checked the CA root is present in $JAVA_HOME/jre/lib/security/cacerts. For good measure I have also added the intermediate certificate.
I have also verified Root and intermediate is in the glassfish domains/domain1/config/cacerts.jks
The error message I am receiving is :
An error has occured. Ping Connection Pool failed for XXX. Connection could not be allocated because: SSL error: sun.security.validator.ValidatorException: PKIX path building failed sun.security.provider.SunCertPathBuilderException: unable to find valid certification path to requested target.
The Postgresql log shows the following :
LOG: could not accept SSL connection: sslv3 alert certificate unknown
The Glassfish server.log doesn't show anything more than the above error.
If I set
sslfactory=org.postgresql.ssl.NonValidatingFactory
Then of course ping works fine. But this is obviously completely and utterly unacceptable for production purposes where protection against MITM attacks is without question mandatory !
