
Set up mTLS between Jira Service Management and PostgreSQL 13.5


I am trying to set up the mTLS connection between JSM and PostgreSQL.

On the database side, I have turned on SSL, and in pg_hba.conf I added the configuration below to tell the client to use a cert for the connection:

hostssl   all   all  0.0.0.0/0 cert clientcert=1

On the application side, I verified it via the line below and it is able to connect to the database:

psql "host=<database server FQDN> port=5432 user=jiradbuser dbname=jiradb sslmode=verify-full sslcert=/path/to/jiradb.crt sslrootcert=/path/to/root.crt sslkey=/path/to/jiradb.key"

However, when I configured the dbconfig.xml, it is always complaining that:

no pg_hba.conf entry for host <ip address of jira service management server>, user "jiradbuser", database "jiradb", SSL off

Below is the content of dbconfig.xml:

<?xml version="1.0" encoding="UTF-8"?>

<jira-database-config>
  <name>defaultDS</name>
  <delegator-name>default</delegator-name>
  <database-type>postgres72</database-type>
  <schema-name>public</schema-name>
  <jdbc-datasource>
    <url>jdbc:postgresql://<PosgreSQL server FQDN>:5432/jiradb?ssl=true;sslmode=verify-full;sslrootcert=/path/to/ca2.crt;sslcert=/path/to/jiradb.crt;sslkey=/path/to/jiradb.key</url>
    <driver-class>org.postgresql.Driver</driver-class>
    <username>jiradbuser</username>
    <password><password></password>
    <pool-min-size>30</pool-min-size>
    <pool-max-size>30</pool-max-size>
    <pool-max-wait>30000</pool-max-wait>
    <validation-query>select 1</validation-query>
    <min-evictable-idle-time-millis>60000</min-evictable-idle-time-millis>
    <time-between-eviction-runs-millis>300000</time-between-eviction-runs-millis>
    <pool-max-idle>30</pool-max-idle>
    <pool-remove-abandoned>true</pool-remove-abandoned>
    <pool-remove-abandoned-timeout>300</pool-remove-abandoned-timeout>
    <pool-test-on-borrow>false</pool-test-on-borrow>
    <pool-test-while-idle>true</pool-test-while-idle>
    <connection-properties>tcpKeepAlive=true;socketTimeout=240</connection-properties>
  </jdbc-datasource>
</jira-database-config>

May I know what the correct format of the JDBC should be?

Thanks


Solution

  • Well, after investigation I noticed the delimiter in the dbconfig.xml should be "&" instead of ";". Besides, the private key should be in PKCS#8, not PKCS#1. After modifying those 2 parts, all is up and running.
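
A pre-flight check for the two problems named in the solution, as an added example that is not part of the original post: it shows how the ";"-delimited URL collapses into a single "ssl" parameter when the query string is split on "&" only, rewrites it with "&" (written as &amp;amp; inside the XML element, as XML requires), and classifies a private key as PKCS#1 or PKCS#8. The host name db.example.internal, the function names, and the key byte prefixes are constructed for illustration.

```python
from xml.sax.saxutils import escape

# Constructed sample: the question's URL with a made-up host name.
BROKEN = ("jdbc:postgresql://db.example.internal:5432/jiradb?ssl=true;sslmode=verify-full"
          ";sslrootcert=/path/to/ca2.crt;sslcert=/path/to/jiradb.crt;sslkey=/path/to/jiradb.key")

def split_params(url):
    """Split the query string on '&' only, the delimiter the solution says is expected."""
    params = {}
    for pair in filter(None, url.partition("?")[2].split("&")):
        name, _, value = pair.partition("=")
        params[name] = value
    return params

def lint_url(url):
    """Report parameters that ended up inside another parameter's value via ';'."""
    findings = []
    for name, value in split_params(url).items():
        hidden = [p.partition("=")[0] for p in value.split(";")[1:] if "=" in p]
        if hidden:
            findings.append(f"{name} value hides: {', '.join(hidden)}")
    return findings

def fix_url(url):
    """Swap ';' for '&' in the query string (assumes no value legitimately contains ';')."""
    head, _, query = url.partition("?")
    return head + "?" + query.replace(";", "&")

def xml_url(url):
    """Corrected URL as it must appear inside <url>...</url>: '&' becomes '&amp;'."""
    return escape(fix_url(url))

def key_format(data):
    """Classify private-key bytes as 'pkcs1', 'pkcs8' or 'unknown' (PEM label or DER layout)."""
    data = data.lstrip()
    if data.startswith(b"-----BEGIN "):
        label = data.split(b"-----")[1]
        return {b"BEGIN RSA PRIVATE KEY": "pkcs1", b"BEGIN PRIVATE KEY": "pkcs8",
                b"BEGIN ENCRYPTED PRIVATE KEY": "pkcs8"}.get(label, "unknown")
    if len(data) < 2 or data[0] != 0x30:             # DER must open with a SEQUENCE
        return "unknown"
    body = 2 + (data[1] & 0x7F if data[1] & 0x80 else 0)  # skip short/long-form length
    if len(data) < body + 4:
        return "unknown"
    if data[body] == 0x30:                           # EncryptedPrivateKeyInfo (PKCS#8)
        return "pkcs8"
    if data[body:body + 3] != b"\x02\x01\x00":       # both plain formats start with version 0
        return "unknown"
    # After the version: INTEGER (modulus) means PKCS#1, SEQUENCE (algorithm id) means PKCS#8.
    return {b"\x02": "pkcs1", b"\x30": "pkcs8"}.get(data[body + 3:body + 4], "unknown")
```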