| From: | Richard Webb <zymotic74(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Fwd: SSL Error: Certificate verify fail |
| Date: | 2019-06-04 02:42:23 |
| Message-ID: | CAMPKBjR2FhUbttevg=HWKxXi_9TYUmU5mtnNKRCG0xT0GmjFpw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi,
I have completed the steps at
https://www.postgresql.org/docs/current/ssl-tcp.html#SSL-CLIENT-CERTIFICATES
Specifically:
To create a server certificate whose identity can be validated by clients,
first create a certificate signing request (CSR) and a public/private key
file:
openssl req -new -nodes -text -out root.csr \
-keyout root.key -subj "/CN=root.yourdomain.com"
chmod og-rwx root.key
Then, sign the request with the key to create a root certificate authority
(using the default OpenSSL configuration file location on Linux):
openssl x509 -req -in root.csr -text -days 3650 \
-extfile /etc/ssl/openssl.cnf -extensions v3_ca \
-signkey root.key -out root.crt
Finally, create a server certificate signed by the new root certificate
authority:
openssl req -new -nodes -text -out server.csr \
-keyout server.key -subj "/CN=dbhost.yourdomain.com"
chmod og-rwx server.key
openssl x509 -req -in server.csr -text -days 365 \
-CA root.crt -CAkey root.key -CAcreateserial \
-out server.crt
However when I issue cmd (this is a generalised version):
C:\Program Files (x86)\pgAdmin 4\v4\runtime>psql "sslmode=verify-ca host=
host.com dbname=db user=dbuser"
It returns:
psql: SSL error: certificate verify failed
Can anyone advise on what I should try next?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Laurenz Albe | 2019-06-04 06:54:16 | Re: csvlog Behavior when log file missing |
| Previous Message | Jeff Janes | 2019-06-04 02:05:10 | Re: Questions about btree_gin vs btree_gist for low cardinality columns |