From: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> |
---|---|
To: | yinan81(at)gmail(dot)com |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11 |
Date: | 2021-12-02 00:28:48 |
Message-ID: | 20211202.092848.1191079113557514098.horikyota.ntt@gmail.com |
Lists: | pgsql-general |
At Wed, 1 Dec 2021 16:56:11 +0800, Yi Sun <yinan81(at)gmail(dot)com> wrote in
> We want to revoke server certificate, just don't know why it doesn't take
> effect
> https://www.postgresql.org/docs/11/ssl-tcp.html
> https://www.postgresql.org/docs/11/runtime-config-connection.html#GUC-SSL-CRL-FILE
Understood. ~/.postgresql/root.crl is required to check server
revocation.
https://www.postgresql.org/docs/11/libpq-ssl.html
> To allow server certificate verification, one or more root
> certificates must be placed in the file ~/.postgresql/root.crt in the
> user's home directory. (On Microsoft Windows the file is named
> %APPDATA%\postgresql\root.crt.) Intermediate certificates should also
> be added to the file if they are needed to link the certificate chain
> sent by the server to the root certificates stored on the client.
>
> Certificate Revocation List (CRL) entries are also checked if the file
> ~/.postgresql/root.crl exists (%APPDATA%\postgresql\root.crl on
> Microsoft Windows).
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center
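
The behaviour discussed in this message, as an added example that is not part of the original e-mail: revocation is enforced by whoever verifies the certificate, so a revoked server certificate keeps verifying until the verifier is handed the CRL. It builds a throwaway CA with the openssl CLI; the names `crl_demo`, `Demo Root CA` and `db.example.test` are constructed for illustration.

```sh
#!/bin/sh
# Constructed demo: throwaway CA and server certificate; no value comes from the thread.
crl_demo() {
    d=$(mktemp -d) || return 2
    (
        cd "$d" && mkdir newcerts && : > index.txt && echo 01 > serial || exit 2
        cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
default_md = sha256
default_days = 30
default_crl_days = 30
policy = any
[any]
commonName = supplied
EOF
        ca="openssl ca -batch -config ca.cnf -cert root.crt -keyfile ca.key"
        # Issue the server certificate, then revoke it and publish the CRL.
        {
            openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
                -subj "/CN=Demo Root CA" -keyout ca.key -out root.crt &&
            openssl req -config ca.cnf -newkey rsa:2048 -nodes \
                -subj "/CN=db.example.test" -keyout server.key -out server.csr &&
            $ca -in server.csr -out server.crt &&
            $ca -revoke server.crt &&
            $ca -gencrl -out root.crl
        } >/dev/null 2>&1 || exit 2
        # Root certificate only: the revoked certificate still verifies.
        no_crl=rejected; with_crl=rejected
        openssl verify -CAfile root.crt server.crt >/dev/null 2>&1 && no_crl=accepted
        # With the CRL (the role ~/.postgresql/root.crl plays for libpq) it is refused.
        openssl verify -crl_check -CAfile root.crt -CRLfile root.crl server.crt \
            >/dev/null 2>&1 && with_crl=accepted
        echo "without CRL: $no_crl; with CRL: $with_crl"
    )
    rc=$?; rm -rf "$d"; return $rc
}
crl_demo
```

For libpq the CRL file can also be named explicitly with the `sslcrl` connection parameter instead of relying on the default `~/.postgresql/root.crl` location.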