Thank you Tom,
I already had the full path for the root certificate, sorry I got lazy retyping the command on my personal computer.
After also entering the full path for sslcert and sslkey, I'm getting "sslv3 alert certificate expired".
Now I just need to figure out which one but I already have a pretty good idea.
Thank you again! Regards,
Valère
Valere Binet <valere.binet@gmail.com> writes:
> I'm completely new to postgresql and I'm struggling with its SSL
> configuration.
It sounds like you have the right certs in the right files.
I wonder though whether the client is actually picking up the
client-side cert/key.
In particular, a quick look at the libpq source code indicates
that it doesn't have any mechanism for expanding "~" in the sslcert
etc. parameters: you need to write out the full path verbatim.
(But it also looks like you should have gotten an error about
not finding the sslrootcert file, so I'm not quite sure if this
theory is correct.)
Another thing to look into is whether the order of the certs
in the multi-cert files matters.
regards, tom lane
