| From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
|---|---|
| To: | Paul Jungwirth <pj(at)illuminatedcomputing(dot)com> |
| Cc: | pgsql <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Refresh Postgres SSL certs? |
| Date: | 2014-04-09 20:32:13 |
| Message-ID: | 20140409203212.GB7062@svana.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, Apr 09, 2014 at 12:59:53PM -0700, Paul Jungwirth wrote:
> > Have you read the Debian README?
> > /usr/share/doc/postgresql-*/README.Debian.gz
>
> Thank you for pointing me to that file. From
> /etc/share/doc/ssl-cert/README it sounds like the old snakeoil cert is
> already self-signed, so that's promising. So I take it that psql and
> the postgres client library won't object to a self-signed cert. Do
> they do any kind of certificate pinning or other caching of the old
> cert? Or can I just replace the cert, restart the postgres server, and
> be done?
No pinning, no caching.
Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> He who writes carelessly confesses thereby at the very outset that he does
> not attach much importance to his own thoughts.
-- Arthur Schopenhauer
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Scott Marlowe | 2014-04-09 20:33:49 | Re: Linux vs FreeBSD |
| Previous Message | Bruce Momjian | 2014-04-09 20:20:09 | Re: Linux vs FreeBSD |