| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Ray Stell <stellr(at)cns(dot)vt(dot)edu> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: ssl client cert authentication |
| Date: | 2010-11-01 16:46:33 |
| Message-ID: | 22758.1288629993@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin pgsql-docs |
Ray Stell <stellr(at)cns(dot)vt(dot)edu> writes:
> Someone asked about ssl client cert auth recently. I got
> this to work, but something tripped me up.
> http://developer.postgresql.org/pgdocs/postgres/ssl-tcp.html
> states (very clearly, btw) that, "To require the client to supply a
> trusted certificate, place certificates of the certificate authorities
> (CAs) you trust in the file root.crt in the data directory." I had
> ASS-U-MEd that root.crt would go in .postgresql as it does for encryption.
> This begs the question, why two copies of the same file?
The one in ~/.postgresql is for client usage. The one in $PGDATA is for
the server's use. There's no reason to assume they'd be the same.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ray Stell | 2010-11-01 19:15:13 | Re: ssl client cert authentication |
| Previous Message | Ray Stell | 2010-11-01 16:14:26 | ssl client cert authentication |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ray Stell | 2010-11-01 19:15:13 | Re: ssl client cert authentication |
| Previous Message | Ray Stell | 2010-11-01 16:14:26 | ssl client cert authentication |