From: | harpagornis <shenlong(at)runbox(dot)com> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: SSL Certificates in Windows 7 & Postgres 9.3 |
Date: | 2014-12-17 04:56:39 |
Message-ID: | 1418792199858-5831037.post@n5.nabble.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
To anyone following this thread, I would also like to point out the
following, from Man 31.18.1.
In verify-full mode, the cn (Common Name) attribute of the certificate is
matched against the host name. If the cn attribute starts with an asterisk
(*), it will be treated as a wildcard, and will match all characters except
a dot (.). This means the certificate will not match subdomains. If the
connection is made using an IP address instead of a host name, the IP
address will be matched (without doing any DNS lookups).
-----------------------------------------------------------------
So it seems that when creating self-signed certificates for use in
verify-full mode, the CN is not the user id, but instead, the host name, ie.
127.0.0.1, which is what I had.
--
View this message in context: http://postgresql.nabble.com/SSL-Certificates-in-Windows-7-Postgres-9-3-tp5830749p5831037.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.
From | Date | Subject | |
---|---|---|---|
Next Message | Adrian Klaver | 2014-12-17 05:09:46 | Re: SSL Certificates in Windows 7 & Postgres 9.3 |
Previous Message | harpagornis | 2014-12-17 00:45:27 | Re: SSL Certificates in Windows 7 & Postgres 9.3 |