IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

runtime database to an external DB PostgreSQL v12 using the protocol TLSv1.2

  • 1.  runtime database to an external DB PostgreSQL v12 using the protocol TLSv1.2

    Posted Mon August 01, 2022 01:28 PM
    Hello.

    I have IBM Appliance 9.0.7.2 (Module: IBM Security Access Manager Federation). I am trying to configure the connection of runtime database to an external DB PostgreSQL v12 using the protocol TLSv1.2.

    Every connection ends with an error:

    Line 20646: 00000029 id=00000000 com.ibm.security.access.management.rest.Grants I getUserIds com.tivoli.am.rba.exception.RBADBException: SSL error: Received fatal alert: unsupported_certificate DSRA0010E: SQL State = 08006, Error Code = 0
    Line 20646: 00000029 id=00000000 com.ibm.security.access.management.rest.Grants I getUserIds com.tivoli.am.rba.exception.RBADBException: SSL error: Received fatal alert: unsupported_certificate DSRA0010E: SQL State = 08006, Error Code = 0
    Line 20725: Caused by: java.sql.SQLException: SSL error: Received fatal alert: unsupported_certificate DSRA0010E: SQL State = 08006, Error Code = 0
    Line 20725: Caused by: java.sql.SQLException: SSL error: Received fatal alert: unsupported_certificate DSRA0010E: SQL State = 08006, Error Code = 0
    Line 20774: 00000029 id=00000000 com.ibm.security.access.management.rest.Grants E getUserIds RESOURCES_GET_SQL_ERROR
    Line 20776: 00000029 id=00000000 xf.rt.frontend.jaxrs.3.2:1.0.41.cl200620200528-0414(id=130)] W com.ibm.security.access.management.ws.exception.ResourcesGetException: HTTP 500 Internal Server Error
    Line 20847: Caused by: com.tivoli.am.rba.exception.RBADBException: SSL error: Received fatal alert: unsupported_certificate DSRA0010E: SQL State = 08006, Error Code = 0
    Line 20847: Caused by: com.tivoli.am.rba.exception.RBADBException: SSL error: Received fatal alert: unsupported_certificate DSRA0010E: SQL State = 08006, Error Code = 0
    Line 20858: Caused by: java.sql.SQLException: SSL error: Received fatal alert: unsupported_certificate DSRA0010E: SQL State = 08006, Error Code = 0
    Line 20858: Caused by: java.sql.SQLException: SSL error: Received fatal alert: unsupported_certificate DSRA0010E: SQL State = 08006, Error Code = 0

    All certificates for IBM Appliance are issued by a certificate authority and uploaded to 2 repositories rt_profile_keys and lmi_trust_store.

    The certificate for the DB is given correct. Polling using openssl:
    s_client -starttls postgres -connect servername:5432 -tls1_2 | openssl x509 -dates

    The TLS1.0 connection is successful. The problem is observed when using TLS1.2.

    Maybe someone has had the experience of such interaction?



    ------------------------------
    Maxim Brazhkin
    ------------------------------