Home > mailing lists

Log the incoming old SSL certs by pid or any way - Mailing list pgsql-general

From	Durumdara
Subject	Log the incoming old SSL certs by pid or any way
Date	June 25, 2020 10:34:40
Msg-id	CAEcMXhnSE+Dss_LPjwsyTnw1t7Z64WayEuTbHiZvGgB_RAv4ng@mail.gmail.com Whole thread Raw
Responses	Re: Log the incoming old SSL certs by pid or any way (Christoph Moench-Tegeder <cmt@burggraben.net>)
List	pgsql-general

Hello!

PGSQL 9.6, Linux, SSL.

We want to change certs to new, but somehow we need to detect which old cert is in use before the expiration.

So now they could connect with old and new too. We want to warn the clients with old certs to update, before they will be denied.

Do we have chance to log somewhere the connected client's certificate, or some info about it?

As I know the CRL can block unwanted certs - they will be denied.

Is there any, similar list where we can registrate the cert and when it used we can log it?

Do you know about any mechanism for this? I hope you understand what we need.

Thank you for it!

From: Fabien COELHO
Date: 25 June 2020, 10:02:58
Subject: Re: pgbench and timestamps

From: Jaime Soler
Date: 25 June 2020, 10:50:27
Subject: Re: pgbench and timestamps