----- Original Message -----
From: Saleem EDAH-TALLY
>OK, that's a clear explanation.
>I don't know if devs on this forum are server devs too. I would suggest
>that irrespective of the presence of a server trusted cert (root.crt) that
>the server be usable by the client, as his any time choice, for
>encryption only and/or server/client authentication. Other RDBMS allow
>that : Oracle, Apache Derby and MySQL.
>Although traffic encryption only raises security concerns, it may be
>helpful in some limited cases.
Can I just say my two cents worth.
I think what you want is server authentication, which is achieved with
server certificates. That is a server.crt and server.key files in the data
directory of the server.
The client can choose, if configured correctly in pg_hba.conf, whether they
want to connect with ssl or not and this is when you might want the
NonValidatingFactory, which I would guess means you don't need the server's
public key certificate in the Java key store to validate against.
Regards
Donald
