Re: ssl to more than one server

On Thu, 29 Jan 2009 12:53:20 -0500
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Ivan Sergio Borgonovo <mail(at)webthatworks(dot)it> writes:
> > I succeded to connect to one postgresql server with ssl.
> > Now it's the time of the second... but postgresql clients (pgsql)
> > just look at ~/.postgresql/postgresql.(key|crt)
> > So I can't put in ~/.postgresql/ another [].crt coming from
> > another server.

> Not an ssl expert, but I think you just concatenate all the keys
> you need into the one text file.

I did a cat new.(crt|key) >> postgresql.(crt|key) on the client.
The old "server" still work. The new one still doesn't.

I took notes on how I did the first time and I think they were
enough detailed to repeat the process but I've to admit I really
didn't understand what I did the first time, so I'm not absolutely
sure if I really did it right.

Somehow I haven't been able to find an howto that really explain how
to do it and grasp enough to be confident to bend it enough to a bit
broader context.

I just know that eg. auto-signing a certificate for apache is much
easier and doesn't involve moving files across client and server.

I think a clearer guide from some pg/ssl guru will be certainly very
welcome by all the users.

The server is not complaining... actually it is the client that is
not able to reply with a proper key.

--
Ivan Sergio Borgonovo
http://www.webthatworks.it