| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Andrej Podzimek <andrej(at)podzimek(dot)org> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #4455: Valid SSL certificate reported as expired |
| Date: | 2008-10-20 08:40:21 |
| Message-ID: | 48FC43F5.8040904@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Andrej Podzimek wrote:
> The following bug has been logged online:
>
> Bug reference: 4455
> Logged by: Andrej Podzimek
> Email address: andrej(at)podzimek(dot)org
> PostgreSQL version: 8.3.3
> Operating system: Linux 2.6.26.5
> Description: Valid SSL certificate reported as expired
> Details:
>
> Hello,
>
> both psql and pgAdmin refuse to connect to my server using SSL, with this
> inexplicable error message:
>
> Error connecting to the server: SSL error: sslv3 alert certificate
> expired
>
> CA certificate is valid till 2011.
> Server certificate is valid till 2009.
> Client certificate is valid till 2009.
>
> So the error message is obviously a nonsense.
Any chance this is a debian based distribution, and that the certificate
may be using a key that they have blacklisted due to the random number
problem? It may be that OpenSSL gives an incorrect error message in this
case...
If not, please try with the OpenSSL s_client/s_server applications with
the same certificates and see if it works there.
Also, check if there may be some kind of date issue with the CRL.
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Grillet | 2008-10-20 10:12:17 | BUG #4486: CSV feature request |
| Previous Message | Tom Lane | 2008-10-19 14:41:34 | Re: Problem with the pg_dumpall file format |