Thread: could not accept SSL connection: peer did not return a certificate
Hello,
I am attempting to upgrade a 7.4.x server to a 8.0.x server.
I have read the release notes and read the administration documentation for changes to SSL requirements and cannot find anything that suggests SSL connections have changed.
Yet when I try to connect with old client applications using SSL I get the following error reported in the server log:
"could not accept SSL connection: peer did not return a certificate"
Is there somewhere that documents the change from 7.4.x to 8.0.x with regards to SSL connections?
Additionally is there a configuration parameter that allows clients to connect with SSL on a 8.0.x server like it was a 7.4.x server?
Regards
Donald Fraser
On Mon, 20 Mar 2006, Donald Fraser wrote: > Yet when I try to connect with old client applications using SSL I get the following error reported in the server log: > "could not accept SSL connection: peer did not return a certificate" Donald, Are you attempting to use SSL certificates for client authentication? It sounds like you have a root.crt in your PGDATA directory, but your clients are not setup to provide a certificate upon connection and thus the server is denying access. -- Jeff Frost, Owner <jeff@frostconsultingllc.com> Frost Consulting, LLC http://www.frostconsultingllc.com/ Phone: 650-780-7908 FAX: 650-649-1954
> > Yet when I try to connect with old client applications using SSL I get > > the following error reported in the server log: > > "could not accept SSL connection: peer did not return a certificate" > Are you attempting to use SSL certificates for client authentication? It > sounds like you have a root.crt in your PGDATA directory, but your clients > are not setup to provide a certificate upon connection and thus the > server is denying access. Hi Jeff, you are spot on, Thanks. I just set up the new server for SSL as the old 7.4.x server was. For some reason, with a root.crt present, 7.4.x distributions do not enforce receiving a client certificate so I never got this problem before. Thanks again regards Donald Fraser.