Log the incoming old SSL certs by pid or any way

From: Durumdara <durumdara(at)gmail(dot)com>
To: Postgres General <pgsql-general(at)postgresql(dot)org>
Subject: Log the incoming old SSL certs by pid or any way
Date: 2020-06-25 07:34:40
Message-ID: CAEcMXhnSE+Dss_LPjwsyTnw1t7Z64WayEuTbHiZvGgB_RAv4ng@mail.gmail.com
Lists: pgsql-general

Hello!

PGSQL 9.6, Linux, SSL.
We want to change certs to new, but somehow we need to detect which old
cert is in use before the expiration.
So now they could connect with old and new too. We want to warn the clients
with old certs to update, before they will be denied.

Do we have a chance to log somewhere the connected client's certificate, or
some info about it?

As far as I know, the CRL can block unwanted certs - they will be denied.

Is there any similar list where we can register the cert, and when it
is used we can log it?

Do you know about any mechanism for this? I hope you understand what we
need.

Thank you for it!
dd
