Thread: SSL with Beta3 - "could not load root certificate file"

SSL with Beta3 - "could not load root certificate file"

From
"G Reina"
Date:
I know that some SSL stuff was corrected between beta2 and beta3. I've been 
getting an error at postmaster startup, but don't know enough about SSL to 
determine if it is ok. Encryption seems to be working (which is all I care 
about).

The error in the serverlog is:
LOG:  could not load root certificate file 
"/database/local/pgsql/data/root.crt": No such file or directory
DETAIL:  Will not verify client certificates.
LOG:  database system was shut down at 2004-10-09 10:50:50 CEST
LOG:  checkpoint record is at 0/464C90C
LOG:  redo record is at 0/464C90C; undo record is at 0/0; shutdown TRUE
LOG:  next transaction ID: 39081; next OID: 21438
LOG:  database system is ready

The SSL certificate (server.crt) was made following the instructions in the 
Postgres documentation. Note, that root.crt is not specified in this 
documentation. I'm not sure if the file needs to be called 'root.crt' or 
'server.crt'. Simply renaming the file doesn't work as I get an error:

psql: SSL error: sslv3 alert handshake failure

I'm sure this is just a misunderstanding on my part, but thought it could be 
spelled out a little better in the on-line documentation.

-Tony

Setup:  PostgreSQL 8.0.0beta3 on i686-pc-linux-gnu, compiled by GCC gcc 
(GCC) 3.3.2 20031022 (Red Hat Linux 3.3.2-1) (Fedora Core 1)

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
hthttp://messenger.msn.click-url.com/go/onm00200471ave/direct/01/



Re: SSL with Beta3 - "could not load root certificate file"

From
Tom Lane
Date:
"G Reina" <reina_ga@hotmail.com> writes:
> The error in the serverlog is:
> LOG:  could not load root certificate file 
> "/database/local/pgsql/data/root.crt": No such file or directory
> DETAIL:  Will not verify client certificates.

This is not an error.

> The SSL certificate (server.crt) was made following the instructions in the 
> Postgres documentation. Note, that root.crt is not specified in this 
> documentation.

Yes it is; see
http://developer.postgresql.org/docs/postgres/ssl-tcp.html
near the bottom of the page, and also
http://developer.postgresql.org/docs/postgres/libpq-ssl.html
        regards, tom lane


Re: SSL with Beta3 - "could not load root certificate file"

From
"Tony and Bryn Reina"
Date:
>> The SSL certificate (server.crt) was made following the instructions in 
>> the
>> Postgres documentation. Note, that root.crt is not specified in this
>> documentation.
>
> Yes it is; see
> http://developer.postgresql.org/docs/postgres/ssl-tcp.html
> near the bottom of the page, and also
> http://developer.postgresql.org/docs/postgres/libpq-ssl.html
>

Oh, I see now. I wasn't looking at the developer docs.

Make sense now.

-Tony