On Wed, Apr 09, 2014 at 12:59:53PM -0700, Paul Jungwirth wrote:
> > Have you read the Debian README?
> > /usr/share/doc/postgresql-*/README.Debian.gz
>
> Thank you for pointing me to that file. From
> /etc/share/doc/ssl-cert/README it sounds like the old snakeoil cert is
> already self-signed, so that's promising. So I take it that psql and
> the postgres client library won't object to a self-signed cert. Do
> they do any kind of certificate pinning or other caching of the old
> cert? Or can I just replace the cert, restart the postgres server, and
> be done?
No pinning, no caching.
Have a nice day,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> He who writes carelessly confesses thereby at the very outset that he does
> not attach much importance to his own thoughts.
-- Arthur Schopenhauer