Re: Connection string parameter "sslrootcert" does not work - Mailing list pgsql-odbc
| From | Ed Hutchinson |
|---|---|
| Subject | Re: Connection string parameter "sslrootcert" does not work |
| Date | |
| Msg-id | CAO99JCM_54=x=s4UZJGkREo+w07GObt8pd1ALDjQoxYsZ8TAdw@mail.gmail.com Whole thread Raw |
| In response to | Re: Connection string parameter "sslrootcert" does not work (Adrian Klaver <adrian.klaver@aklaver.com>) |
| Responses |
Re: Connection string parameter "sslrootcert" does not work
(Adrian Klaver <adrian.klaver@aklaver.com>)
Re: Connection string parameter "sslrootcert" does not work ("Inoue, Hiroshi" <inoue@tpf.co.jp>) |
| List | pgsql-odbc |
Thanks, Adrian.
Sorry, I should have provided more details.
1) Using this connection string on Windows:
DRIVER={PostgreSQL Unicode};DATABASE=dbedhTest;SERVER=edhpostgresql.cn4dj2uqcnwe.us-west-1.rds.amazonaws.com;UID=MyUser;PWD=********;PORT=5432;BOOLSASCHAR=0;LFCONVERSION=0;UseDeclareFetch=1;sslmode=verify-full;sslrootcert=D:\\temp\\rds-ssl-ca-cert.pem
I get back:
root certificate file \"C:\\Users\\edhutch\\AppData\\Roaming/postgresql/root.crt\" does not exist\nEither provide the file or change sslmode to disable server certificate verification.
2) Using this connection string on Windows:
DRIVER={PostgreSQL Unicode};DATABASE=dbedhTest;SERVER=edhpostgresql.cn4dj2uqcnwe.us-west-1.rds.amazonaws.com;UID=MyUser;PWD=********;PORT=5432;BOOLSASCHAR=0;LFCONVERSION=0;UseDeclareFetch=1;sslmode=verify-full;sslrootcert=D:/temp/rds-ssl-ca-cert.pem
I get back the same error:
root certificate file \"C:\\Users\\edhutch\\AppData\\Roaming/postgresql/root.crt\" does not exist\nEither provide the file or change sslmode to disable server certificate verification.
3) Using this connection string on Mac OS X:
DRIVER={PostgreSQL Unicode};DATABASE=dbedhTest;SERVER=edhpostgresql.cn4dj2uqcnwe.us-west-1.rds.amazonaws.com;UID=MyUser;PWD=********;PORT=5432;BOOLSASCHAR=0;LFCONVERSION=0;UseDeclareFetch=1;sslmode=verify-full;sslrootcert=/Users/edhutch/temp/rds-ssl-ca-cert.pem
I get back:
root certificate file \"/Users/edhutch/.postgresql/root.crt\" does not exist\nEither provide the file or change sslmode to disable server certificate verification.
When I rename the pem file to root.crt and place it in the default location that the driver expects, the connection goes through fine.
On Tue, Nov 11, 2014 at 7:10 AM, Adrian Klaver <adrian.klaver@aklaver.com> wrote:
On 11/10/2014 04:25 PM, Ed Hutchinson wrote:Hi,
I am using the psqlODBC driver to connect to Amazon RDS. I am able
to connect successfully after enabling SSL encryption via the connection
string parameter "sslmode=require". I want to now enable verification of
server identity too, which means that I need to provide the CA
certificate path to the Postgres driver. I tried the connection
parameters "sslmode=verify-full;sslrootcert=<path to CA file>", but the
driver is not able to pick up the file from the specified path (I tried
on Windows and Mac OS X). Things work, however, when the certificate is
placed in the default place the driver looks in -
%APPDATA%\Roaming\postgresql\root.crt on Windows; ~/.postgresql/root.crt
on Mac.
Is this a bug that needs to be fixed or am I doing something wrong?
I am using psqlodbc version 09_03_0300-1.
Not sure, how are you specifying the path to the certificate?--
Adrian Klaver
adrian.klaver@aklaver.com
pgsql-odbc by date: