From: | Ed Hutchinson <edhutch1963(at)gmail(dot)com> |
---|---|
To: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
Cc: | pgsql-odbc(at)postgresql(dot)org |
Subject: | Re: Connection string parameter "sslrootcert" does not work |
Date: | 2014-11-11 17:52:42 |
Message-ID: | CAO99JCM_54=x=s4UZJGkREo+w07GObt8pd1ALDjQoxYsZ8TAdw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-odbc |
Thanks, Adrian.
Sorry, I should have provided more details.
1) Using this connection string on Windows:
DRIVER={PostgreSQL Unicode};DATABASE=dbedhTest;SERVER=
edhpostgresql.cn4dj2uqcnwe.us-west-1.rds.amazonaws.com
;UID=MyUser;PWD=********;PORT=5432;BOOLSASCHAR=0;LFCONVERSION=0;UseDeclareFetch=1;sslmode=verify-full;sslrootcert=D:\\temp\\rds-ssl-ca-cert.pem
I get back:
root certificate file
\"C:\\Users\\edhutch\\AppData\\Roaming/postgresql/root.crt\" does not
exist\nEither provide the file or change sslmode to disable server
certificate verification.
2) Using this connection string on Windows:
DRIVER={PostgreSQL Unicode};DATABASE=dbedhTest;SERVER=
edhpostgresql.cn4dj2uqcnwe.us-west-1.rds.amazonaws.com
;UID=MyUser;PWD=********;PORT=5432;BOOLSASCHAR=0;LFCONVERSION=0;UseDeclareFetch=1;sslmode=verify-full;sslrootcert=D:/temp/rds-ssl-ca-cert.pem
I get back the same error:
root certificate file
\"C:\\Users\\edhutch\\AppData\\Roaming/postgresql/root.crt\" does not
exist\nEither provide the file or change sslmode to disable server
certificate verification.
3) Using this connection string on Mac OS X:
DRIVER={PostgreSQL Unicode};DATABASE=dbedhTest;SERVER=
edhpostgresql.cn4dj2uqcnwe.us-west-1.rds.amazonaws.com
;UID=MyUser;PWD=********;PORT=5432;BOOLSASCHAR=0;LFCONVERSION=0;UseDeclareFetch=1;sslmode=verify-full;sslrootcert=/Users/edhutch/temp/rds-ssl-ca-cert.pem
I get back:
root certificate file \"/Users/edhutch/.postgresql/root.crt\" does not
exist\nEither provide the file or change sslmode to disable server
certificate verification.
When I rename the pem file to root.crt and place it in the default location
that the driver expects, the connection goes through fine.
On Tue, Nov 11, 2014 at 7:10 AM, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
wrote:
> On 11/10/2014 04:25 PM, Ed Hutchinson wrote:
>
>> Hi,
>> I am using the psqlODBC driver to connect to Amazon RDS. I am able
>> to connect successfully after enabling SSL encryption via the connection
>> string parameter "sslmode=require". I want to now enable verification of
>> server identity too, which means that I need to provide the CA
>> certificate path to the Postgres driver. I tried the connection
>> parameters "sslmode=verify-full;sslrootcert=<path to CA file>", but the
>> driver is not able to pick up the file from the specified path (I tried
>> on Windows and Mac OS X). Things work, however, when the certificate is
>> placed in the default place the driver looks in -
>> %APPDATA%\Roaming\postgresql\root.crt on Windows; ~/.postgresql/root.crt
>> on Mac.
>>
>> Is this a bug that needs to be fixed or am I doing something wrong?
>> I am using psqlodbc version 09_03_0300-1.
>>
>
> Not sure, how are you specifying the path to the certificate?
>
>
>
>> Thanks,
>> Ed
>>
>> The resources I consulted:
>> http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/
>> CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.SSL
>> http://www.postgresql.org/docs/9.3/static/libpq-ssl.html
>> http://www.postgresql.org/docs/9.3/static/libpq-connect.html
>>
>
>
> --
> Adrian Klaver
> adrian(dot)klaver(at)aklaver(dot)com
>
From | Date | Subject | |
---|---|---|---|
Next Message | Adrian Klaver | 2014-11-12 00:59:14 | Re: Connection string parameter "sslrootcert" does not work |
Previous Message | Nils Gösche | 2014-11-11 17:08:04 | Bug? {? = CALL insert_page_segment (?, ?)} |