From: | Vitaliyi <imgrey(at)gmail(dot)com> |
---|---|
To: | "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: SSL auth problem |
Date: | 2008-05-16 12:32:13 |
Message-ID: | 3aac340805160532m436555acvcddc16835e53c999@mail.gmail.com |
Lists: | pgsql-general |
>> don't know where it is looking for "root.crl", but it is in the directory
>> with root.crt and server.key, server.crt
>
> That should be harmless...
Removed root.crl. The same effect.
> Let me reexamine your original mail:
>
>> generating another key on server:
> [...]
>> signing on CA:
>> openssl req -x509 -in server.req -text -key our.key -out server.crt
>
> That's the problem, I think.
> With this statement you generate a self signed certificate from server.req
> (check with "openssl x509 -in server.crt -text -noout").
>
> What you need is a certificate signed by root.crt.
>
> You can do it like this:
>
> openssl x509 -req -in server.req -CA root.crt -CAkey our.key -CAcreateserial -out server.crt
>
> See if that gets rid of the message!
Another error appeared:
psql: SSL error: sslv3 alert bad certificate
So I started from the beginning:
on CA:
openssl genrsa -out our.key 2048
creating self-signed certificate:
openssl req -new -key our.key -out our.req
openssl req -x509 -in our.req -text -key our.key -out root.crt
copied root.crt to client and postgres server
on server:
openssl genrsa -out server.key 2048
on CA:
openssl x509 -req -in /tmp/server.req -CA ./root.crt -CAkey our.key -CAcreateserial -out server.crt
on client:
openssl genrsa -out postgresql.key 2048
openssl req -new -key postgresql.key -out cl.req
on CA:
openssl x509 -req -in /tmp/cl.req -CA ./root.crt -CAkey our.key -CAcreateserial -out postgresql.crt
files on client host:
postgresql.crt (signed by CA, -- root.crt)
postgresql.key (client private and public keys)
root.crt
files on postgresql server:
server.key (priv and pub keys)
server.crt (signed by root CA)
root.crt
stopped postgresql and started again
on client:
psql "dbname=me sslmode=require host=postgresql_host user=me"
psql: SSL error: sslv3 alert bad certificate
on server in logs:
postgres[29299]: [3-1] LOG: could not accept SSL connection: no certificate returned
Where was I wrong? :(
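
The certificate checks discussed in this thread, as an added example that is not part of the original message: it rebuilds the same chain with throwaway keys in a temporary directory and tests each certificate for issuer, chain to root.crt, and key match, including one made with `req -x509` as in the first attempt. The subject names and the function names are constructed for the example, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: throwaway keys in a temp dir; subject names are constructed.
# File names follow the thread (our.key, root.crt, server.*, postgresql.*).

build_demo_pki() {  # $1 = output directory
    d=$1
    openssl genrsa -out "$d/our.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$d/our.key" -subj "/CN=Demo Root CA" \
        -out "$d/root.crt" 2>/dev/null || return 1
    for n in server postgresql; do
        openssl genrsa -out "$d/$n.key" 2048 2>/dev/null &&
        openssl req -new -key "$d/$n.key" -subj "/CN=demo-$n" \
            -out "$d/$n.req" 2>/dev/null &&
        openssl x509 -req -in "$d/$n.req" -CA "$d/root.crt" \
            -CAkey "$d/our.key" -CAcreateserial -out "$d/$n.crt" 2>/dev/null ||
            return 1
    done
    # "req -x509" on a request yields issuer == subject (the first attempt).
    openssl req -x509 -in "$d/server.req" -key "$d/server.key" \
        -out "$d/selfsigned.crt" 2>/dev/null
}

is_self_signed() {  # $1 = cert; true when subject and issuer are identical
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^[a-z]*= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^[a-z]*= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

chains_to() {  # $1 = CA cert, $2 = cert; true when $2 verifies against $1
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

key_matches() {  # $1 = private key, $2 = cert; true when the key pair matches
    a=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    b=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

tmp=$(mktemp -d) && build_demo_pki "$tmp" || exit 1
for c in server.crt postgresql.crt selfsigned.crt; do
    is_self_signed "$tmp/$c" && kind=self-signed || kind=CA-issued
    chains_to "$tmp/root.crt" "$tmp/$c" && v=OK || v=FAILED
    echo "$c: $kind, verify against root.crt: $v"
done
rm -rf "$tmp"
```

The three check functions take file paths, so they can be run against the real root.crt, server.crt and postgresql.crt/postgresql.key on each host.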