New certs give "could not accept SSL connection: sslv3 alert certificate unknow"

From: Axel Rau <Axel(dot)Rau(at)Chaos1(dot)DE>
To: pgsql-admin(at)postgresql(dot)org
Subject: New certs give "could not accept SSL connection: sslv3 alert certificate unknow"
Date: 2014-09-13 17:55:12
Message-ID: 671DB650-E7F9-4037-BE9F-61F7BB819BD0@Chaos1.DE
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Hi everyone,

after swapping server and client certs and keys, I’m getting:
„could not accept SSL connection: sslv3 alert certificate unknown"
in the server logs.
CAcert has not changed.
Authentication with client certs is not configured.
If I remove .postgresql in the client home, everything works perfectly.

Only difference of the new certs is the ‚critical’ here:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Data Encipherment
Can this be the reason?

Thanks, Axel
---
PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius

Browse pgsql-admin by date

  From Date Subject
Next Message Morgan Ramsay 2014-09-15 00:18:51 Out of memory running 560 MB query
Previous Message Greg Sabino Mullane 2014-09-12 14:13:32 Re: Database configuration details