Re: SSL Certificates in Windows 7 & Postgres 9.3 - Mailing list pgsql-general

From David G Johnston
Subject Re: SSL Certificates in Windows 7 & Postgres 9.3
Date
Msg-id 1418863544564-5831208.post@n5.nabble.com
In response to Re: SSL Certificates in Windows 7 & Postgres 9.3  (harpagornis <shenlong@runbox.com>)
List pgsql-general
> Are there other methods/ practices commonly used for these operations?
> Thank you in advance.

You've got some serious confusion between client/server and other things
going on here... Adrian addressed those.  It might help to think of the fact
that the clients and server are typically not on the same physical machine.
They should NOT be sharing ANY configuration files between each other.  It
may be they happen to have identical copies of a given file but those copies
should be in different locations.

Oh, and where did you get the idea that "search_path" had anything to do
with this?

You should probably look into using a pg_service.conf file on the client.

http://www.postgresql.org/docs/9.0/static/libpq-pgservice.html

On the server side of things: create virtual machines

Since the server only has a single identity there is no obvious need or
provision to have it provide alternative names to the SSL-related files that
it uses.  The client, though, can assume multiple identities and so while
there is a set of default file names there are ways to override those - via
environment variables or conninfo settings (which is where pg_service.conf
comes in).

If the servers and clients share a trusted signing chain some degree of
"sharing" can be achieved but the only thing being checked then is global
identity.  (in theory...) It is possible to set up distinct chains so that
development clients cannot connect to production servers using the same set
of credentials that they use to connect to development servers.

David J.
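
An added example, not part of the original message: a small audit of a client-side pg_service.conf that reports services sharing SSL files and services whose sslmode is not a verifying mode. The service names, hosts, file paths and the policy itself are assumptions made for illustration; sslmode, sslrootcert, sslcert and sslkey are the libpq connection parameters.

```python
import configparser
from collections import defaultdict

# Constructed sample pg_service.conf; hosts and paths are hypothetical.
# Assumed policy (not from the post): one set of SSL files per service.
SAMPLE = """\
[dev]
host=db.dev.example.internal
sslmode=verify-full
sslrootcert=C:/pgclient/dev/root.crt
sslcert=C:/pgclient/dev/client.crt
sslkey=C:/pgclient/dev/client.key

[prod]
host=db.prod.example.internal
sslmode=require
sslrootcert=C:/pgclient/prod/root.crt
sslcert=C:/pgclient/dev/client.crt
sslkey=C:/pgclient/dev/client.key
"""

SSL_FILES = ("sslrootcert", "sslcert", "sslkey")
VERIFYING_MODES = {"verify-ca", "verify-full"}

def audit_services(text):
    """Return sorted findings for a pg_service.conf given as a string."""
    # Only "=" is a delimiter, so "C:/..." values are not split at the colon.
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.read_string(text)
    findings = []
    users = defaultdict(list)  # (parameter, path) -> services that use it
    for name in cfg.sections():
        svc = cfg[name]
        mode = svc.get("sslmode", "(unset)")
        if mode not in VERIFYING_MODES:
            findings.append(f"{name}: sslmode={mode} is not verify-ca or verify-full")
        for param in SSL_FILES:
            if param in svc:
                users[(param, svc[param])].append(name)
            else:
                findings.append(f"{name}: {param} not set, falls back to environment or libpq default")
    for (param, path), names in users.items():
        if len(names) > 1:
            findings.append(f"{'+'.join(sorted(names))}: share {param} {path}")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit_services(SAMPLE):
        print(line)
```
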