| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Marc-André Laverdière <marc-andre(at)atc(dot)tcs(dot)com> |
| Cc: | pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: SSL root.crt not loading |
| Date: | 2011-04-25 16:40:36 |
| Message-ID: | 15856.1303749636@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
=?ISO-8859-1?Q?Marc-Andr=E9_Laverdi=E8re?= <marc-andre(at)atc(dot)tcs(dot)com> writes:
>> My pg_hba.conf file is configured with this:
>> hostssl all abc ::1/128 cert clientcert=1
>> Yet I am unable to start the server. This is what I get on startup:
>> $ sudo /etc/init.d/postgresql start 9.0
>> * Starting PostgreSQL 9.0 database server
>> * The PostgreSQL server failed to start. Please check the log output:
>> 2011-03-17 16:39:13 IST LOG: client certificates can only be checked
>> if a root certificate store is available
>> 2011-03-17 16:39:13 IST HINT: Make sure the root.crt file is present
>> and readable.
>> 2011-03-17 16:39:13 IST CONTEXT: line 93 of configuration file
>> "/etc/postgresql/9.0/main/pg_hba.conf"
>> 2011-03-17 16:39:13 IST FATAL: could not load pg_hba.conf
Hmm, did you remember to set ssl = on in postgresql.conf? While
experimenting I accidentally found out it will react like this if
it finds clientcert=1 in pg_hba.conf but SSL wasn't enabled in
postgresql.conf. Needless to say, that's not a very friendly error
response --- will see about improving it.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Grzegorz Szpetkowski | 2011-04-25 18:12:56 | Re: SSL root.crt not loading |
| Previous Message | Grzegorz Szpetkowski | 2011-04-25 15:30:26 | Re: SSL root.crt not loading |