| From: | Asia <asia123321(at)op(dot)pl> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Universal certificate for verify-full ssl connection |
| Date: | 2011-05-31 07:40:54 |
| Message-ID: | 35982898-62d8268a04f9e6d9ec143476a203dc96@pkn5.m5r2.onet |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi,
I am trying to generate self-signed certificate for full ssl authentication. I need to have universal version of this certificate for development purposes (so any client can connect with any postgresql server with ssl on and verify-full flag).
I am using IP while connecting, I mean host=<IP>.
However verify-full connection works only in case "Common Name" in certificate contains only fully qualified IP address, when I try to set CN as * (asterisk) I receive error:
server common name "*" does not match hostname "my_ip"
According to the documentation here : http://www.postgresql.org/docs/current/static/libpq-ssl.html
"If the connection is made using an IP address instead of a host name, the IP address will be matched (without doing any DNS lookups). "
Would you please advise what I am doing wrong? Or maybe there is other way to generate wildcard certificate ? Or maybe this is a possible bug?
Thanks in advance !
Joanna
| From | Date | Subject | |
|---|---|---|---|
| Next Message | salah jubeh | 2011-05-31 07:58:32 | Re: RES: SELECT COUNT(*) execution time on large tables (v9.0.4-1) |
| Previous Message | Craig Ringer | 2011-05-31 06:22:38 | Re: Index Size |