| From: | Susan Joseph <sandajoseph(at)verizon(dot)net> |
|---|---|
| To: | "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: SSL between Primary and Seconday PostgreSQL DBs |
| Date: | 2020-09-03 13:47:00 |
| Message-ID: | 875525261.2709349.1599140820429@mail.yahoo.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Susan Joseph
sandajoseph(at)verizon(dot)net
-----Original Message-----
From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Susan Joseph <sandajoseph(at)verizon(dot)net>
Cc: pgsql-general(at)postgresql(dot)org <pgsql-general(at)postgresql(dot)org>
Sent: Thu, Sep 3, 2020 9:12 am
Subject: Re: SSL between Primary and Seconday PostgreSQL DBs
Greetings,
* Susan Joseph (sandajoseph(at)verizon(dot)net) wrote:
> So I made the changes on the secondary to change the sslmode to verify-fullI removed the clientcert=1 in pg_hba.conf and removed any connections other than sslI removed the passfile info from recovery.confand now I am getting this error:
> 2020-09-03 13:01:49.990 UTC [7963] FATAL: could not connect to the primary server: server certificate for "lc-subca-pg.theforest.sap" does not match host name "192.168.1.142"
>>Yes, as I explained, because of exactly the issue that the host you've
>>told your secondary to connect to (looks like 192.168.1.142) doesn't
>>match the certificate presented by the primary (which looks to be
>>"lc-subca-pg.theforest.sap").
OK so I fixed that in my recovery.conf file so it is not set to the IP but to the FQDN and it is no longer throwing this error.
>>The answer is to make those two match.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2020-09-03 13:59:18 | Re: SSL between Primary and Seconday PostgreSQL DBs |
| Previous Message | Siva postgres | 2020-09-03 13:42:42 | Re: ODBC Driver dsplay name |