Skip site navigation (1) Skip section navigation (2)

Re: BUG #5008: Server Startup Problem - When server is configured for SSL

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Jalaj Negi <jalajsinghnegi(at)gmail(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #5008: Server Startup Problem - When server is configured for SSL
Date: 2009-08-26 07:11:07
Message-ID: 9837222c0908260011h5c2531cdpf108c653d13cdc3a@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-bugs
On Wed, Aug 26, 2009 at 08:47, Jalaj Negi<jalajsinghnegi(at)gmail(dot)com> wrote:
> Hello, following is PostgreSQL log file.
> I have no certificate to revoke so I havent placed any "root.crl" file in
> servers data directory.
>
> Log File
> ============================================================================================
> 2009-08-26 11:58:32 ISTLOG:  SSL certificate revocation list file "root.crl"
> not found, skipping: No such file or directory
> 2009-08-26 11:58:32 ISTDETAIL:  Certificates will not be checked against
> revocation list.
> 2009-08-26 11:58:32 ISTLOG:  database system was shut down at 2009-08-26
> 11:56:56 IST
> 2009-08-26 11:58:32 ISTFATAL:  the database system is starting up
> 2009-08-26 11:58:34 ISTLOG:  database system is ready to accept connections
> 2009-08-26 11:58:34 ISTLOG:  SSL certificate revocation list file "root.crl"
> not found, skipping: No such file or directory
> 2009-08-26 11:58:34 ISTDETAIL:  Certificates will not be checked against
> revocation list.
> 2009-08-26 11:58:34 ISTFATAL:  the database system is starting up
> 2009-08-26 11:58:39 ISTLOG:  autovacuum launcher started
> 2009-08-26 11:58:39 ISTLOG:  SSL certificate revocation list file "root.crl"
> not found, skipping: No such file or directory
> 2009-08-26 11:58:39 ISTDETAIL:  Certificates will not be checked against
> revocation list.
> 2009-08-26 11:58:39 ISTFATAL:  connection requires a valid client
> certificate

<snip>

I think this indicates that pg_ctl is trying to connect to the
database just to see if it's running, but you have set it to require
SSL certificate on connections from localhost. Could that be so? If
so, try setting the requirement for certificates only on non-localhost
addresses and see if it starts up properly in that case.

-- 
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

In response to

Responses

pgsql-bugs by date

Next:From: Heikki LinnakangasDate: 2009-08-26 08:40:56
Subject: Re: BUG #5011: Standby recovery unable to follow timeline change
Previous:From: Gergely CzuczyDate: 2009-08-26 06:29:40
Subject: BUG #5012: mailing list VERP addresses not sender-verifiable

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group