Thread: pgAdmin 1.8.2 SSL connection woes
I might be missing the point here, but I can't seem to get pgAdmin to initiate an SSL encrypted connection to any of our PostgreSQL servers (mainly 8.2, some 8.3) but using password (md5) authentication. Setting SSL to require in the connection properties for the server leads to "could not read certificate" or "could not read private key file" messages. This makes sense if I were trying to connect using client ceritificates for authentication but not for md5 type auth. Any thoughts on the matter would be much appreiciated. Kind regards, Richard Tector P.S. I'm not subscribed to the list, so please keep me CC'd. Thanks.
On Wed, Jun 18, 2008 at 5:48 PM, Richard Tector <richardtector@thekeelecentre.com> wrote: > I might be missing the point here, but I can't seem to get pgAdmin to > initiate an SSL encrypted connection to any of our PostgreSQL servers > (mainly 8.2, some 8.3) but using password (md5) authentication. > Setting SSL to require in the connection properties for the server leads to > "could not read certificate" or "could not read private key file" messages. > This makes sense if I were trying to connect using client ceritificates for > authentication but not for md5 type auth. > > Any thoughts on the matter would be much appreiciated. I suspect you have a root certificate (root.crt) in your data directory on the server. If this is found at server start, client certificates will be requested to authenticate the client (not the user) whenever an SSL connection is initiated. See http://www.postgresql.org/docs/8.3/static/ssl-tcp.html for more details. -- Dave Page EnterpriseDB UK: http://www.enterprisedb.com
Dave Page wrote: > On Wed, Jun 18, 2008 at 5:48 PM, Richard Tector > <richardtector@thekeelecentre.com> wrote: >> I might be missing the point here, but I can't seem to get pgAdmin to >> initiate an SSL encrypted connection to any of our PostgreSQL servers >> (mainly 8.2, some 8.3) but using password (md5) authentication. >> Setting SSL to require in the connection properties for the server leads to >> "could not read certificate" or "could not read private key file" messages. >> This makes sense if I were trying to connect using client ceritificates for >> authentication but not for md5 type auth. >> >> Any thoughts on the matter would be much appreiciated. > > I suspect you have a root certificate (root.crt) in your data > directory on the server. If this is found at server start, client > certificates will be requested to authenticate the client (not the > user) whenever an SSL connection is initiated. See > http://www.postgresql.org/docs/8.3/static/ssl-tcp.html for more > details. > Excellent point. I'd never picked up on that. Thanks very much, it's now working as required. Richard