Home > mailing lists

Re: Trust intermediate CA for client certificates - Mailing list pgsql-hackers

From	Andrew Dunstan
Subject	Re: Trust intermediate CA for client certificates
Date	December 2, 2013 23:57:55
Msg-id	529CF449.3060103@dunslane.net Whole thread Raw
In response to	Re: Trust intermediate CA for client certificates (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Trust intermediate CA for client certificates
List	pgsql-hackers

Tree view

On 12/02/2013 03:44 PM, Tom Lane wrote:
> Bruce Momjian <bruce@momjian.us> writes:
>> Let me ask a simple question --- can
>> you put only the client cert on the client (postgresql.crt) and only the
>> root cert on the server (root.crt), and will it work?
> Yes, that's surely always worked.

Not if the client has been signed by an intermediate CA, surely. Either 
the server must have the intermediate CA cert in its root.crt or the 
client must supply it along with the end cert.

cheers

pgsql-hackers by date:

From: Stephen Frost
Date: 02 December 2013, 23:54:32
Subject: Re: Trust intermediate CA for client certificates

From: Bruce Momjian
Date: 03 December 2013, 00:01:01
Subject: Re: Trust intermediate CA for client certificates

Re: Trust intermediate CA for client certificates - Mailing list pgsql-hackers

Previous

Next