| From: | Cary Huang <cary(dot)huang(at)highgo(dot)ca> |
|---|---|
| To: | "Jeff Janes" <jeff(dot)janes(at)gmail(dot)com> |
| Cc: | "Axel Rau" <Axel(dot)Rau(at)chaos1(dot)de>, "pgsql-admin" <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: SSL cert "not initialized" error with logical replication with 13.11 |
| Date: | 2023-06-21 17:18:23 |
| Message-ID: | 188def6e7c3.e5c815f6150300.1204203706527206764@highgo.ca |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Hello
expired CA certificate could also cause "SSL error: sslv3 alert certificate expired" error. You should check the validity of your CA certificate.
You can use this openssl command to verify your CA and your server certificate, see if it gives the same "certificate verify failed" error
openssl verify -verbose -CAfile $PATH_TO_CACERT $PATH_TO_SERVER_CERT
or it could be that your server clock is wrong, which is unlikely though.
best regards
Cary Huang
-----------------------------
Highgo Software (Canada)
---- On Wed, 21 Jun 2023 08:05:15 -0700 Jeff Janes <jeff(dot)janes(at)gmail(dot)com> wrote ---
On Wed, Jun 21, 2023 at 6:11 AM Axel Rau <mailto:Axel(dot)Rau(at)chaos1(dot)de> wrote:
Hi all,
After upgrading to 13.11, Publisher no longer accepts cert of subscriber.
What did you upgrade from? How did you do the upgrade?
Publisher:
"connection received: host=<some IP6> port=32501",,,,,,,,,"","not initialized"
"could not accept SSL connection: certificate verify failed",,,,,,,,,"","not initialized"
Your log files appear to have been mutilated. What column is 'not initialized' appearing in?
Servercert:
...
Validity
Not Before: Aug 18 09:12:35 2022 GMT
Not After : Aug 29 09:12:35 2023 GMT
What about the validity of the CA?
Cheers,
Jeff
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sean O'Grady | 2023-06-21 17:32:13 | Re: Question about wal_compression and what to expect |
| Previous Message | Wells Oliver | 2023-06-21 16:32:38 | Re: AWS RDS "sessions" and pg_stat_activity |