Thread: SSL Connectivity on Solaris 10 x86
Hello Everyone,
I have configured SSL for my postgreSQL setup. The environment is
PostgreSQL 8.2.5 (64-bit) built using Sun tools with ssl flag
OpenSSL 0.9.8d 28 Sep 2006
OpenSolaris 5.11 snv_73
I have configured the server key and certificate file using openssl. The connection between a remote client and the server works fine. I can see the following message at the client side....
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
The problem part now...
I am seeing this "Connection reset by peer" message in the postmaster.log file, but the connection between the client and server does get established and works fine too...
Secondly, How do i enable SSL authentication between client and server. I think right now it's just communication at the SSL layer.
LOG: could not load root certificate file "root.crt": No such file or directory
DETAIL: Will not verify client certificates.
LOG: database system was shut down at 2007-10-28 01:24:52 EDT
LOG: checkpoint record is at 0/61799D90
LOG: redo record is at 0/61799D90; undo record is at 0/0; shutdown TRUE
LOG: next transaction ID: 0/1183; next OID: 32774
LOG: next MultiXactId: 1; next MultiXactOffset: 0
LOG: database system is ready
LOG: could not receive data from client: Connection reset by peer
The document talks about creating root certificate file and signing the client certificates with it, but somehow I am a bit confused about it.
Any help would be much appreciated.
Regards,
dotyet
I have configured SSL for my postgreSQL setup. The environment is
PostgreSQL 8.2.5 (64-bit) built using Sun tools with ssl flag
OpenSSL 0.9.8d 28 Sep 2006
OpenSolaris 5.11 snv_73
I have configured the server key and certificate file using openssl. The connection between a remote client and the server works fine. I can see the following message at the client side....
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
The problem part now...
I am seeing this "Connection reset by peer" message in the postmaster.log file, but the connection between the client and server does get established and works fine too...
Secondly, How do i enable SSL authentication between client and server. I think right now it's just communication at the SSL layer.
LOG: could not load root certificate file "root.crt": No such file or directory
DETAIL: Will not verify client certificates.
LOG: database system was shut down at 2007-10-28 01:24:52 EDT
LOG: checkpoint record is at 0/61799D90
LOG: redo record is at 0/61799D90; undo record is at 0/0; shutdown TRUE
LOG: next transaction ID: 0/1183; next OID: 32774
LOG: next MultiXactId: 1; next MultiXactOffset: 0
LOG: database system is ready
LOG: could not receive data from client: Connection reset by peer
The document talks about creating root certificate file and signing the client certificates with it, but somehow I am a bit confused about it.
Any help would be much appreciated.
Regards,
dotyet
"Dot Yet" <dot.yet@gmail.com> writes:
> I am seeing this "Connection reset by peer" message in the
> postmaster.logfile, but the connection between the client and server
> does get established
> and works fine too...
What pg_hba.conf setup are you using? I'm thinking that this might be
expected behavior if it's password-based, because psql drops the
connection before prompting the user for a password when the server
tells it a password is needed.
regards, tom lane
I am using md5. OK. thanks for the clue... Now, for the root certificate.... anyone? :)
regards,
dotyet
regards,
dotyet
On 10/30/07, Tom Lane < tgl@sss.pgh.pa.us> wrote:
"Dot Yet" < dot.yet@gmail.com> writes:
> I am seeing this "Connection reset by peer" message in the
> postmaster.logfile, but the connection between the client and server
> does get established
> and works fine too...
What pg_hba.conf setup are you using? I'm thinking that this might be
expected behavior if it's password-based, because psql drops the
connection before prompting the user for a password when the server
tells it a password is needed.
regards, tom lane