On Thu, 29 Jan 2009 12:53:20 -0500
Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Ivan Sergio Borgonovo <mail@webthatworks.it> writes:
> > I succeded to connect to one postgresql server with ssl.
> > Now it's the time of the second... but postgresql clients (pgsql)
> > just look at ~/.postgresql/postgresql.(key|crt)
> > So I can't put in ~/.postgresql/ another [].crt coming from
> > another server.
> Not an ssl expert, but I think you just concatenate all the keys
> you need into the one text file.
I did a cat new.(crt|key) >> postgresql.(crt|key) on the client.
The old "server" still work. The new one still doesn't.
I took notes on how I did the first time and I think they were
enough detailed to repeat the process but I've to admit I really
didn't understand what I did the first time, so I'm not absolutely
sure if I really did it right.
Somehow I haven't been able to find an howto that really explain how
to do it and grasp enough to be confident to bend it enough to a bit
broader context.
I just know that eg. auto-signing a certificate for apache is much
easier and doesn't involve moving files across client and server.
I think a clearer guide from some pg/ssl guru will be certainly very
welcome by all the users.
The server is not complaining... actually it is the client that is
not able to reply with a proper key.
--
Ivan Sergio Borgonovo
http://www.webthatworks.it
