Re: SSL between Primary and Seconday PostgreSQL DBs - Mailing list pgsql-general

From Susan Joseph
Subject Re: SSL between Primary and Seconday PostgreSQL DBs
Date
Msg-id 875525261.2709349.1599140820429@mail.yahoo.com
Whole thread Raw
In response to Re: SSL between Primary and Seconday PostgreSQL DBs  (Stephen Frost <sfrost@snowman.net>)
List pgsql-general


Susan Joseph
sandajoseph@verizon.net


-----Original Message-----
From: Stephen Frost <sfrost@snowman.net>
To: Susan Joseph <sandajoseph@verizon.net>
Cc: pgsql-general@postgresql.org <pgsql-general@postgresql.org>
Sent: Thu, Sep 3, 2020 9:12 am
Subject: Re: SSL between Primary and Seconday PostgreSQL DBs

Greetings,

* Susan Joseph (sandajoseph@verizon.net) wrote:
> So I made the changes on the secondary to change the sslmode to verify-fullI removed the clientcert=1 in pg_hba.conf and removed any connections other than sslI removed the passfile info from recovery.confand now I am getting this error:
> 2020-09-03 13:01:49.990 UTC [7963] FATAL:  could not connect to the primary server: server certificate for "lc-subca-pg.theforest.sap" does not match host name "192.168.1.142"

>>Yes, as I explained, because of exactly the issue that the host you've
>>told your secondary to connect to (looks like 192.168.1.142) doesn't
>>match the certificate presented by the primary (which looks to be
>>"lc-subca-pg.theforest.sap").

OK so I fixed that in my recovery.conf file so it is not set to the IP but to the FQDN and it is no longer throwing this error.

>>The answer is to make those two match.


Thanks,

Stephen

pgsql-general by date:

Previous
From: Siva postgres
Date:
Subject: Re: ODBC Driver dsplay name
Next
From: Peter Eisentraut
Date:
Subject: Re: SSL between Primary and Seconday PostgreSQL DBs