| From: | "Corbit, Dann" <Dann(dot)Corbit(at)softwareag(dot)com> |
|---|---|
| To: | PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Cc: | "Luton, Bill" <Bill(dot)Luton(at)softwareag(dot)com>, "Fifer, Brian" <Brian(dot)Fifer(at)softwareag(dot)com>, "Lao, Alexander" <Alexander(dot)Lao(at)softwareag(dot)com> |
| Subject: | Connection using ODBC and SSL |
| Date: | 2020-11-20 21:54:59 |
| Message-ID: | AM4PR0202MB2756F352E29B19B37F7B826196FF0@AM4PR0202MB2756.eurprd02.prod.outlook.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I figured out that my TLS version was too low in the libpq call and increased it to TLS v1.1
Should I go to 1.2? I am wondering because I do not want to limit compatibility.
Once I got past that hurdle, I am getting the error "ssl error: the certificate verify failed"
Since I built the certificates myself self-signed, I am assuming I did something that Postgres does not like.
I should mention that I am using the Windows environment for testing (I will test Linux after Windows succeeds).
I would like to have all my certificates and keys on the same machine (localhost for local connections and dcorbit for tcp/ip).
I found a couple tutorials and tried them but it failed.
I saw one document that said the common name should be the postgres user name and that it should also be the connecting machine name. Is that correct?
Is there a document or tutorial that explains the correct steps?
Equally important, is there a way to get more complete diagnostics when something goes wrong (like WHY did the certificate verify fail)?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2020-11-20 22:16:55 | Re: xid wraparound danger due to INDEX_CLEANUP false |
| Previous Message | Erik Rijkers | 2020-11-20 21:52:32 | Re: Additional Chapter for Tutorial - arch-dev.sgml |