A documentation comment came in recently about ssl-tcp.html not 
specifying what format is expected for the CRL file.  Seems like 
something that could be described better now that I look at it, so I'm 
passing that along with just wording edits from me; this is from user 
"oneironautics":

The root.crl needs to be in PEM (and not DER) format.  If a certificate 
file exists but is the wrong type, you will be told it cannot find the 
file when it exists, with this sort of error in the log:

LOG:  SSL certificate revocation list file "root.crl" not found, 
skipping: no SSL error reported
DETAIL:  Certificates will not be checked against revocation list.

This error can be reported even though you have a root.crl file in 
$PGDATA along with the private key and server/root certificates.  A 
quick check using openssl revealed that the unused CRL file in this 
example was indeed in DER format.  Converting the certificate to the PEM 
format rectified the error:

cd $PGDATA
openssl crl -inform der -in root.crl -outform pem -out root-new.crl
mv root-new.crl root.crl

Responses

• Re: File format for SSL CRL file at 2012-07-03 02:44:00 from Alvaro Herrera
• Re: File format for SSL CRL file at 2012-07-03 19:20:50 from Peter Eisentraut

pgsql-docs by date

Next:	From: Alvaro Herrera	Date: 2012-07-03 02:44:00
	Subject: Re: File format for SSL CRL file
Previous:	From: Peter Eisentraut	Date: 2012-06-30 20:52:58
	Subject: Re: outdated legal notice in SGML docs?

pgsql-hackers by date

Next:	From: Greg Smith	Date: 2012-07-03 00:51:14
	Subject: Oracle porting sample instr function
Previous:	From: Tom Lane	Date: 2012-07-03 00:12:33
	Subject: Re: Patch: add conversion from pg_wchar to multibyte