| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Valere Binet <valere(dot)binet(at)gmail(dot)com> |
| Cc: | pgsql-admin(at)lists(dot)postgresql(dot)org |
| Subject: | Re: FATAL: connection requires a valid client certificate |
| Date: | 2025-06-20 16:02:46 |
| Message-ID: | 1944831.1750435366@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Valere Binet <valere(dot)binet(at)gmail(dot)com> writes:
> I'm completely new to postgresql and I'm struggling with its SSL
> configuration.
It sounds like you have the right certs in the right files.
I wonder though whether the client is actually picking up the
client-side cert/key.
In particular, a quick look at the libpq source code indicates
that it doesn't have any mechanism for expanding "~" in the sslcert
etc. parameters: you need to write out the full path verbatim.
(But it also looks like you should have gotten an error about
not finding the sslrootcert file, so I'm not quite sure if this
theory is correct.)
Another thing to look into is whether the order of the certs
in the multi-cert files matters.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Valere Binet | 2025-06-20 17:24:44 | Re: FATAL: connection requires a valid client certificate |
| Previous Message | Valere Binet | 2025-06-20 15:35:25 | FATAL: connection requires a valid client certificate |