| From: | Ray Stell <stellr(at)vt(dot)edu> |
|---|---|
| To: | Mark Steben <mark(dot)steben(at)drivedominion(dot)com> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: configuring openssl for postgres 9.2 for the first time |
| Date: | 2014-01-31 22:48:42 |
| Message-ID: | 0ECC8D78-AB31-4E05-A7A1-C9CC24E99F42@vt.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Jan 30, 2014, at 2:00 PM, Mark Steben <mark(dot)steben(at)drivedominion(dot)com> wrote:
> Hello,
>
> We are looking to provide openssl methodology into our testing environment. I've run into this issue
> when attempting to access from a client to a remote postgres server after SSL configuration:
>
> from client 10.10.4.34:
> psql -U postgres marktst -h 10.10.4.52
> psql: FATAL: no pg_hba.conf entry for host "10.10.4.34", user "postgres", database "marktst", SSL off
>
You might back off from ssl, client authentication just to see what happens with:
hostssl all all 0.0.0.0/0 md5 clientcert=1
this will provide the client auth of the server and require a password auth for the client. Hopefully that works first. I've seen your msg and had some effect with the following env variable, but it's probably a long shot:
"PGSSLMODE behaves the same as the sslmode"
http://www.postgresql.org/docs/9.3/static/libpq-envars.html
PGSSLMODE=verify-full will cause the client to verify that the CN on the server certificate matches the hostname of the server. disable will only try a non-SSL connection which will not be compatible with the pg_hba config.
It is a bit of a fishing expedition.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sergey Konoplev | 2014-02-01 00:43:14 | Re: odd pg_start_backup() issue |
| Previous Message | Lou Picciano | 2014-01-31 19:01:31 | Re: configuring openssl for postgres 9.2 for the first time |