Home > mailing lists

Re: ssl woes after 8.1 -> 8.3 update - Mailing list pgsql-general

From	Tomasz Myrta
Subject	Re: ssl woes after 8.1 -> 8.3 update
Date	October 16, 2008 17:01:01
Msg-id	gd7rfd$1pvg$1@news.hub.org Whole thread Raw
In response to	ssl woes after 8.1 -> 8.3 update (Ivan Sergio Borgonovo <mail@webthatworks.it>)
Responses	Re: ssl woes after 8.1 -> 8.3 update (Ivan Sergio Borgonovo <mail@webthatworks.it>)
List	pgsql-general

Tree view

Ivan Sergio Borgonovo napisal 16.10.2008 16:29:
> Debian etch + backported postgresql
>
> I just copied pg_hba.conf from 8.1 to 8.3.
>
> on postgresql.conf
> ssl=true
> listen_addresses = '*'
>
> symlinked root.crt -> /etc/ssl/certs/ssl-cert-snakeoil.pem

As described in documentation, giving "root.crt" to server means your
clients need client certificate to connect.


> Error connecting to the server: could not open certificate file
> "/home/ivan/.postgresql/postgresql.crt": No such file or directory

It looks like you don't have client certificate.

> is there an howto to do things properly in spite of just trial and
> errors?


This one should be enough:
http://www.postgresql.org/docs/current/interactive/ssl-tcp.html

You should either provide matching client certificate or remove root.crt
from server configuration.

--
Regards,
Tomasz Myrta

pgsql-general by date:

From: Martijn van Oosterhout
Date: 16 October 2008, 16:44:35
Subject: Re: Optimizing projections containing unused columns

From: Ivan Sergio Borgonovo
Date: 16 October 2008, 17:28:30
Subject: Re: ssl woes after 8.1 -> 8.3 update

Re: ssl woes after 8.1 -> 8.3 update - Mailing list pgsql-general

Previous

Next