Re: SSL cert "not initialized" error with logical replication with 13.11

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Axel Rau <Axel(dot)Rau(at)chaos1(dot)de>
Cc: pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Re: SSL cert "not initialized" error with logical replication with 13.11
Date: 2023-06-21 13:53:22
Message-ID: 3757321.1687355602@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Axel Rau <Axel(dot)Rau(at)chaos1(dot)de> writes:
> After upgrading to 13.11, Publisher no longer accepts cert of subscriber.

The error is pretty clear:

> RROR,XX000,"could not connect to the publisher: SSL error: sslv3 alert certificate expired",,,,,,,,,"","logical replication worker"

> Servercert:
> Not Before: Aug 18 09:12:35 2022 GMT
> Not After : Aug 29 09:12:35 2023 GMT

How sure are you that that cert is the one the publisher is using?
Also, maybe the complaint is about a cert being used by the subscriber,
not the publisher? I don't think this error message would distinguish
that.

regards, tom lane

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Scott Ribe 2023-06-21 13:55:33 Re: Question about wal_compression and what to expect
Previous Message Sean O'Grady 2023-06-21 13:51:15 Re: Question about wal_compression and what to expect