From: | harpagornis <shenlong(at)runbox(dot)com> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | SSL Certificates in Windows 7 & Postgres 9.3 |
Date: | 2014-12-15 19:41:41 |
Message-ID: | 1418672501407-5830749.post@n5.nabble.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
I am trying to connect using SSL in Windows 7 and Postgres v9.3. The console
output error message is "Failed to establish a connection to 127.0.0.1" The
error message from the pg_log is:
-----------------------------------------------------------
2014-12-15 19:20:24 GMT FATAL: connection requires a valid client
certificate
2014-12-15 19:20:25 GMT FATAL: connection requires a valid client
certificate
2014-12-15 19:20:26 GMT FATAL: no pg_hba.conf entry for host "127.0.0.1",
user "SYSTEM", database "postgres", SSL off
2014-12-15 19:20:55 GMT LOG: could not accept SSL connection: No connection
could be made because the target machine actively refused it.
-----------------------------------------------------------
This is the connection string from the console app.
string conStr =
"Server=127.0.0.01; " +
"User Id=my_role; " +
"Password=''; " +
"Database=dbname; " +
"SSL=True; " +
"Sslmode=Require; ";
-----------------------------------------------------------
This is the pg_hba.conf
hostssl all all 127.0.0.1/32 cert clientcert=1
hostssl all all ::1/128 cert clientcert=1
-----------------------------------------------------------
This is the postgresql.conf
listen_addresses = '*'
port = 5432
max_connections = 100
ssl = on
ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH'
ssl_renegotiation_limit = 512MB
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'
ssl_ca_file = 'root.crt'
password_encryption = off
shared_buffers = 128MB
-----------------------------------------------------------
I followed all documentation for creating the certificates, ie.
-----------------------------------------------------------
Server Side
openssl genrsa -des3 -out server.key 2048
openssl rsa -in server.key -out server.key
openssl req -new –key server.key -days 3650 -out server.crt –config
"D:\openssl\v9.8\openssl.cnf”
-----------------------------------------------------------
Client Side
openssl genrsa -des3 -out postgresql.key 2048
openssl rsa -in postgresql.key -out postgres.key
openssl req -new -key postgresql.key -out postgresql.csr –config
"D:\openssl\v9.8\openssl.cnf”
copy server.crt root.crt
openssl x509 -req -in postgresql.csr -CA root.crt -CAkey server.key -out
postgresql.crt -CAcreateserial
----------------------------------------------------------
Windows Pkcs12 file:
openssl pkcs12 -export -out postgrcli.p12 -name "My Certificate" -in
postgresql.crt
-inkey postgresql.key
-----------------------------------------------------------
The Visual Studio solution includes as a project / reference, the source
code of Npgsql v2.2.0.
However, the program never reaches any of the breakpoints I put throughout
the Npgsql code .
-----------------------------------------------------------
I really need some help, please. Any suggestions? I have scoured the
documentation and the internet. Maybe I can try a psql command. What would
that command be with the certificate included? Thank you in advance.
--
View this message in context: http://postgresql.nabble.com/SSL-Certificates-in-Windows-7-Postgres-9-3-tp5830749.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.
From | Date | Subject | |
---|---|---|---|
Next Message | Joseph Kregloh | 2014-12-15 20:29:30 | Re: Pausing log shipping for streaming replication |
Previous Message | Andy Colson | 2014-12-15 19:41:08 | Re: Pausing log shipping for streaming replication |