| From: | Andrus <kobruleht2(at)hot(dot)ee> |
|---|---|
| To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: tlsv1 alert unknown ca error on cert authentication |
| Date: | 2025-06-09 07:34:47 |
| Message-ID: | 1f713b36-4903-446b-ac25-b4460f9fe3d1@hot.ee |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Hi!
>Hm. This example works fine for me on RHEL8. Evidently your openssl installation is set up to reject self-signed certificates by
default.
Tried with RapidSSL cert for user varukoopia. Error message is the same.
> I note that in my installation, /etc/pki/tls/openssl.cnf
> contains
>
> [ req ]
> ...
> x509_extensions = v3_ca # The extensions to add to the self signed cert
> ...
> [ v3_ca ]
> # Extensions for a typical CA
> ...
> # Key usage: this is typical for a CA certificate. However since it will
> # prevent it being used as an test self-signed certificate it is best
> # left out by default.
> # keyUsage = cRLSign, keyCertSign
>
> Perhaps in your configuration file, that option is active?
It is not active.
Tried self signed cert for user varukoopia, but error message is the same.
Tried with
log_min_messages = debug5
but log does not contain more information about error
Certs used and openssl conf were sent to Tom as message attachments.
Andrus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fujii Masao | 2025-06-09 10:07:42 | Re: BUG #18947: TRAP: failed Assert("len_to_wrt >= 0") in pg_stat_statements |
| Previous Message | Michael Paquier | 2025-06-08 22:27:56 | Re: BUG #18943: Return value of a function 'xmlBufferCreate' is dereferenced at xpath.c:177 without checking for NUL |