On 11/20/20 4:54 PM, Corbit, Dann wrote:
>
> I would like to have all my certificates and keys on the same machine
> (localhost for local connections and dcorbit for tcp/ip).
> I found a couple tutorials and tried them but it failed.
> I saw one document that said the common name should be the postgres
> user name and that it should also be the connecting machine name. Is
> that correct?
> Is there a document or tutorial that explains the correct steps?
I did a webinar about a year ago that went into some detail about what
you need in the CN, where the certificates go, etc.
See
<
https://resources.2ndquadrant.com/using-ssl-with-postgresql-and-pgbouncer>
(Yes, this is a corporate webinar, sorry about that)
> Equally important, is there a way to get more complete diagnostics
> when something goes wrong (like WHY did the certificate verify fail)?
>
The diagnostics in the Postgres log are usually fairly explanatory.
cheers
andrew