A colleague was trying to create a postgresql datastore in his GeoServer installation and was having trouble connecting it with our PostgreSQL/PostGIS database which was only available via an SSL connection.
He appended "?ssl=true" to the database name in the form on Geoserver (see http://jira.codehaus.org/browse/GEOT-1057 ), but we were still seeing connect errors in the postgres server logs:
"could not accept SSL connection: sslv3 alert certificate unknown"
I thought maybe the postgres server was demanding client certificates (see http://www.postgresql.org/docs/8.3/static/ssl-tcp.html ) so I made sure root.crt wasn't in the picture.
Then I tried creating a new self-signed server certificate for postgres to use in case it had expired via "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt" (note that postgres configures the location of its SSL cert and key via symlinks in your data directory (typically "main") but that wasn't the problem.
I finally clued in that it was the client not trusting the self-signed server certificate. We added an additional parameter to have the postgres JDBC driver on the GeoServer machine non validate certs. (see http://jdbc.postgresql.org/documentation/81/ssl-client.html )
Appending this to the database string in GeoServer got things running. The final string to be appended to the name of your database (not hostname... the "database" field in the GeoServer form) is:
"?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory"
Hope that helps someone (or me later!)
