Thread: SSL connections
Hi, One of my customer told me that another PostgreSQL admin tool requires to enter sslcert, sslkey, sslrootcert, and sslcrl to try an SSL connection. Is this true? do we have to require that all fields are filled? reading the documentation, I think no. There are default values for each of them, so we don't need to put each field in the connection packet. But I may be wrong. Anyone with more knowledge than me on this issue? Thanks. -- Guillaume http://blog.guillaume.lelarge.info http://www.dalibo.com
On Tue, Oct 4, 2011 at 9:12 PM, Guillaume Lelarge <guillaume@lelarge.info> wrote: > Hi, > > One of my customer told me that another PostgreSQL admin tool requires > to enter sslcert, sslkey, sslrootcert, and sslcrl to try an SSL > connection. Is this true? do we have to require that all fields are > filled? reading the documentation, I think no. There are default values > for each of them, so we don't need to put each field in the connection > packet. But I may be wrong. Anyone with more knowledge than me on this > issue? No you don't need to fill them in to use SSL. Even certificate based auth doesn't *require* you to set any of those values. -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company
On Tue, 2011-10-04 at 21:16 +0100, Dave Page wrote: > On Tue, Oct 4, 2011 at 9:12 PM, Guillaume Lelarge > <guillaume@lelarge.info> wrote: > > Hi, > > > > One of my customer told me that another PostgreSQL admin tool requires > > to enter sslcert, sslkey, sslrootcert, and sslcrl to try an SSL > > connection. Is this true? do we have to require that all fields are > > filled? reading the documentation, I think no. There are default values > > for each of them, so we don't need to put each field in the connection > > packet. But I may be wrong. Anyone with more knowledge than me on this > > issue? > > No you don't need to fill them in to use SSL. Even certificate based > auth doesn't *require* you to set any of those values. > Great, thanks :) -- Guillaume http://blog.guillaume.lelarge.info http://www.dalibo.com