I want to use the https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem which is stored in my application jar, i.e. using classpath. So I tried using the JDBC URL below:
jdbc:postgresql://<db-endpoint>:5432/pgdb?ssl=true&sslmode=verify-full&sslfactory=org.postgresql.ssl.SingleCertValidatingFactory&sslfactoryarg=classpath:global-bundle.pem
However, I am getting an exception:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Instead of classpath: I tried file: as well, but got the same exception.
Without using SingleCertValidatingFactory, the .pem file works with a file system path like below:
jdbc:postgresql://<db-endpoint>:5432/pgdb?ssl=true&sslmode=verify-full&sslrootcert=/app/certs/global-bundle.pem
Does SingleCertValidatingFactory not work with .pem files? What do I need to do to make it work? Any help is appreciated.
SingleCertValidatingFactory does seem to work with us-east-1-bundle.pem. It seems to be having an issue with global-bundle.pem, which has all regional certificates combined. Another solution is to follow this doc to import each certificate into the JDK cacerts.
And then use:
jdbc:postgresql://<db-endpoint>:5432/pgdb?ssl=true&sslmode=verify-full&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory
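
An added example, not part of the original posts: a shell sketch that splits a combined PEM bundle into one file per certificate, so you can see how many certificates a bundle such as global-bundle.pem holds and import each one under its own alias, as the answer suggests. The function names, the rds- alias prefix, the truststore path and password arguments, and the sample bundle (placeholder bodies, not real certificates) are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: split a multi-certificate PEM bundle into one file per
# certificate so each can be inspected or imported under its own alias.

# split_pem_bundle BUNDLE OUTDIR
# Writes OUTDIR/cert-NNN.pem and prints the number of certificates found.
# Fails if the bundle ends inside an unterminated certificate block.
split_pem_bundle() {
  mkdir -p "$2" || return 1
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%03d.pem", dir, n); inside = 1 }
    inside { print > out }
    /-----END CERTIFICATE-----/ { inside = 0; close(out) }
    END {
      if (inside) { print "unterminated certificate block" > "/dev/stderr"; exit 1 }
      print n + 0
    }
  ' "$1"
}

# import_into_truststore OUTDIR TRUSTSTORE STOREPASS
# Imports every split certificate with the JDK keytool, one alias per file.
import_into_truststore() {
  for f in "$1"/cert-*.pem; do
    keytool -importcert -noprompt -alias "rds-$(basename "$f" .pem)" \
      -file "$f" -keystore "$2" -storepass "$3" || return 1
  done
}

# make_sample_bundle FILE
# Constructed stand-in for a combined bundle: three blocks with placeholder
# bodies (not real certificates), enough to exercise the splitter offline.
make_sample_bundle() {
  for region in a b c; do
    printf '%s\n' "# constructed entry for region-$region" \
      '-----BEGIN CERTIFICATE-----' "Q09OU1RSVUNURUQ=" \
      '-----END CERTIFICATE-----'
  done > "$1"
}

# Demo on the constructed bundle; run import_into_truststore on a real one.
demo_dir=$(mktemp -d)
make_sample_bundle "$demo_dir/bundle.pem"
echo "certificates found: $(split_pem_bundle "$demo_dir/bundle.pem" "$demo_dir/split")"
```

For a real bundle, run split_pem_bundle first and then pass the output directory, truststore path and store password to import_into_truststore; all three are deployment-specific.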