Thread: could not accept SSL connection: peer did not return a certificate

could not accept SSL connection: peer did not return a certificate

From
"Donald Fraser"
Date:
Hello,
I am attempting to upgrade a 7.4.x server to an 8.0.x server.
 
I have read the release notes and read the administration documentation for changes to SSL requirements and cannot find anything that suggests SSL connections have changed.
 
Yet when I try to connect with old client applications using SSL I get the following error reported in the server log:
"could not accept SSL connection: peer did not return a certificate"
 
Is there somewhere that documents the change from 7.4.x to 8.0.x with regard to SSL connections?
Additionally, is there a configuration parameter that allows clients to connect with SSL on an 8.0.x server like it was a 7.4.x server?
 
Regards
Donald Fraser

Re: could not accept SSL connection: peer did not return a

From
Jeff Frost
Date:
On Mon, 20 Mar 2006, Donald Fraser wrote:

> Yet when I try to connect with old client applications using SSL I get the following error reported in the server log:
> "could not accept SSL connection: peer did not return a certificate"

Donald,

Are you attempting to use SSL certificates for client authentication?  It
sounds like you have a root.crt in your PGDATA directory, but your clients are
not set up to provide a certificate upon connection and thus the server is
denying access.

--
Jeff Frost, Owner     <jeff@frostconsultingllc.com>
Frost Consulting, LLC     http://www.frostconsultingllc.com/
Phone: 650-780-7908    FAX: 650-649-1954

Re: could not accept SSL connection: peer did not return a

From
"Donald Fraser"
Date:
> > Yet when I try to connect with old client applications using SSL I get
> > the following error reported in the server log:
> > "could not accept SSL connection: peer did not return a certificate"

> Are you attempting to use SSL certificates for client authentication?  It
> sounds like you have a root.crt in your PGDATA directory, but your clients
> are not set up to provide a certificate upon connection and thus the
> server is denying access.

Hi Jeff, you are spot on, Thanks.
I just set up the new server for SSL as the old 7.4.x server was.
For some reason, with a root.crt present, 7.4.x distributions do not enforce
receiving a client certificate so I never got this problem before.

Thanks again
regards
Donald Fraser.
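
The diagnosis reached in this thread, as an added example that is not part of the original messages: a shell check that reports whether a data directory will make an 8.0.x server demand a client certificate. The function names, output labels and the sample directory are assumptions made for this illustration; only full spellings of boolean values are recognised.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies a PostgreSQL 8.0.x data
# directory by whether the server will demand a client certificate.

# Effective "ssl" value in postgresql.conf: the last uncommented setting wins.
pg_ssl_setting() {
    [ -r "$1/postgresql.conf" ] || { echo unknown; return 0; }
    awk '
        { sub(/#.*/, "") }                      # strip comments
        /^[ \t]*ssl[ \t=]/ {                    # "ssl = on", "ssl on", "ssl=true"
            sub(/^[ \t]*ssl[ \t]*=?[ \t]*/, "")
            gsub(/[^A-Za-z0-9]/, "")            # drop quotes and whitespace
            val = tolower($0)
        }
        END {                                   # ssl defaults to off when unset
            if (val ~ /^(on|true|yes|1)$/) print "on"; else print "off"
        }
    ' "$1/postgresql.conf"
}

pg_client_cert_mode() {
    pgdata=$1
    case $(pg_ssl_setting "$pgdata") in
        unknown) echo unknown; return 0 ;;
        off)     echo ssl-off; return 0 ;;
    esac
    # With ssl on, the server needs its own certificate and key to start.
    if [ ! -f "$pgdata/server.crt" ] || [ ! -f "$pgdata/server.key" ]; then
        echo ssl-misconfigured; return 0
    fi
    # The thread's finding: a root.crt in PGDATA makes 8.0.x reject SSL
    # clients that present no certificate.
    if [ -f "$pgdata/root.crt" ]; then
        echo client-cert-required
    else
        echo client-cert-not-requested
    fi
}

# Usage: pass a data directory; with no argument a constructed sample is used.
if [ $# -gt 0 ]; then
    pg_client_cert_mode "$1"
else
    d=$(mktemp -d)                              # constructed sample PGDATA
    printf '#ssl = false\nssl = true\n' > "$d/postgresql.conf"
    : > "$d/server.crt"; : > "$d/server.key"; : > "$d/root.crt"
    pg_client_cert_mode "$d"
    rm -rf "$d"
fi
```

A result of `client-cert-required` on the upgraded server matches the "peer did not return a certificate" log line when clients connect without a certificate.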