Postgres Pro
Downloads
Home   >   mailing lists

Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11 - Mailing list pgsql-general

From Yi Sun
Subject Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11
Date
Msg-id CABWY_HBYO3sYs5o1PSPmDKdGrPJDWpz1fpKShaB03ZGyJz94UQ@mail.gmail.com
Whole thread Raw
In response to Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11  (Kyotaro Horiguchi <horikyota.ntt@gmail.com>)
Responses Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11  (Kyotaro Horiguchi <horikyota.ntt@gmail.com>)
List pgsql-general
Tree view
Hi Kyotaro,

We want to revoke server certificate, just don't know why doesn't take affect

Kyotaro Horiguchi <horikyota.ntt@gmail.com> 于2021年12月1日周三 下午2:12写道:
At Tue, 30 Nov 2021 21:53:06 +0800, Yi Sun <yinan81@gmail.com> wrote in
> # cat /home/sunyi/tls/root.crt /home/sunyi/tls/1/root.crl > /tmp/test_1.pem
> # openssl verify -extended_crl -verbose -CAfile /tmp/test_1.pem -crl_check
> /home/sunyi/tls/1/server.crt

I guess what you really wanted to revoke was not server.crt but
postgresql.crt.

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

pgsql-general by date:

Previous
From: Dilip Kumar
Date:
Subject: Re: Max connections reached without max connections reached
Next
From: Daniel Gustafsson
Date:
Subject: Re: Issues cross-compiling libpq 14.x to MacOS armv8