Using pg 7.4.8 on RHEL4.
I produced a server.crt and server.key using the server computer, as described
in 7.4.8 docs section 16.7. As expected the log reports that root.crt was
not found during server startup. On connection, psql (8.0.3 on WinXP) reports
"SSL connection". Thus, SSL encryption seems to work.
I copied server.crt to root.crt. New startup, and the server did no longer
complain about missing root.crt, as expected if the root.crt was found OK.
Connection still works as above. Thus, no client verification appears to
take place, and I cannot see any warnings. I have not been able to find
more information on the requirements for the root.crt file. Would be nice
to have this in the docs. Does the copy of server.crt not work because it
is self-signed, or is a different kind of crt needed?
Comments appreciated,
KPL