Richard Troy <rtroy@ScienceTools.com> writes:
>> * Look in the postmaster log to see what gets logged during a failed
>> connection attempt.
> Of course! -duh!-
> Depending on which test, I get either:
> LOG: could not accept SSL connection: sslv3 alert certificate unknown
> LOG: could not accept SSL connection: peer did not return a certificate
> ...which seems to (strongly) suggest that it's requiring not only an
> encrypted connection but that the user present a certificate.
I think that at least around 8.2, the postmaster interprets the presence
of root.crt as indicating that it should demand client certs. Better
check the docs though (and this is something I think Magnus changed in
8.4, but not totally sure, so be sure to check the right version of
the docs).
regards, tom lane
