| From: | "Lu, Chenyang" <lucy(dot)fnst(at)cn(dot)fujitsu(dot)com> |
|---|---|
| To: | "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | ssl certification |
| Date: | 2020-11-05 13:26:38 |
| Message-ID: | b03838076e95445385cbcf187f8b9dcb@G08CNEXMBPEKD04.g08.fujitsu.local |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi~
Forgive me for not being familiar with SSL.
When I try to use SSL certification function.(in postgresql9.5.22)
The service uses the following configuration
Set ssl=on in postgresql.conf
Set ssl_cert_file=server.crt in postgresql.conf
Set ssl_key_file=server.key in postgresql.conf
Set ssl_ca_file=root.crt in postgresql.conf
CASE 1. Add hostssl test all all md5 in pg_hba.conf
CASE 2. Add hostssl test all all cert in pg_hba.conf
In CASE 1 : use psql -U test -d "postgresql://193.xxx.xxx.xxx/test?sslmode=verify-ca"
I can connect normally.
In CASE 2 : use the same connection string
I got "psql: FATAL: connection requires a valid client certificate (10689)"
Question:cert in pg_hba.conf means what? How can I configure the client Certificate it needs.
Thanks~
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jonathan Katz | 2020-11-05 13:42:19 | Re: Christopher Browne |
| Previous Message | Magnus Hagander | 2020-11-05 09:21:40 | Re: PANIC: could not write to log file {} at offset {}, length {}: Invalid argument |