| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Ian Pilcher <arequipeno(at)gmail(dot)com> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, stellr(at)vt(dot)edu, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Trust intermediate CA for client certificates |
| Date: | 2013-12-02 21:26:10 |
| Message-ID: | 26664.1386019570@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
Ian Pilcher <arequipeno(at)gmail(dot)com> writes:
> BTW, you can't just "list the certs of the intermediate CAs you do
> trust"; you have to put the root CA certificate into root.crt in order
> for OpenSSL to build a complete chain,
I believe you are mistaken. OpenSSL just wants a chain to one of the
certs you've told it to trust.
But in any case, Stephen is right that intermediate certs aren't meant
to be used in the way you want. They're just a mechanism for a CA to
use for its own purposes.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | AK | 2013-12-02 21:28:50 | NpgsqlCopySerializer blows up if no rows are saved |
| Previous Message | Bruce Momjian | 2013-12-02 21:25:28 | Re: Trust intermediate CA for client certificates |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2013-12-02 21:29:57 | Re: Trust intermediate CA for client certificates |
| Previous Message | Bruce Momjian | 2013-12-02 21:25:28 | Re: Trust intermediate CA for client certificates |