Re: Refresh Postgres SSL certs? - Mailing list pgsql-general

From Martijn van Oosterhout
Subject Re: Refresh Postgres SSL certs?
Date
Msg-id 20140409203212.GB7062@svana.org
Whole thread Raw
In response to Re: Refresh Postgres SSL certs?  (Paul Jungwirth <pj@illuminatedcomputing.com>)
List pgsql-general
On Wed, Apr 09, 2014 at 12:59:53PM -0700, Paul Jungwirth wrote:
> > Have you read the Debian README?
> > /usr/share/doc/postgresql-*/README.Debian.gz
>
> Thank you for pointing me to that file. From
> /etc/share/doc/ssl-cert/README it sounds like the old snakeoil cert is
> already self-signed, so that's promising. So I take it that psql and
> the postgres client library won't object to a self-signed cert. Do
> they do any kind of certificate pinning or other caching of the old
> cert? Or can I just replace the cert, restart the postgres server, and
> be done?

No pinning, no caching.

Have a nice day,
--
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> He who writes carelessly confesses thereby at the very outset that he does
> not attach much importance to his own thoughts.
   -- Arthur Schopenhauer

Attachment

pgsql-general by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: Linux vs FreeBSD
Next
From: Scott Marlowe
Date:
Subject: Re: Linux vs FreeBSD