| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Ian Pilcher <arequipeno(at)gmail(dot)com>, stellr(at)vt(dot)edu, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Trust intermediate CA for client certificates |
| Date: | 2013-12-02 20:57:45 |
| Message-ID: | 529CF449.3060103@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
On 12/02/2013 03:44 PM, Tom Lane wrote:
> Bruce Momjian <bruce(at)momjian(dot)us> writes:
>> Let me ask a simple question --- can
>> you put only the client cert on the client (postgresql.crt) and only the
>> root cert on the server (root.crt), and will it work?
> Yes, that's surely always worked.
Not if the client has been signed by an intermediate CA, surely. Either
the server must have the intermediate CA cert in its root.crt or the
client must supply it along with the end cert.
cheers
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2013-12-02 20:59:43 | Re: Trust intermediate CA for client certificates |
| Previous Message | Bruce Momjian | 2013-12-02 20:46:26 | Re: Trust intermediate CA for client certificates |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2013-12-02 20:59:43 | Re: Trust intermediate CA for client certificates |
| Previous Message | Bruce Momjian | 2013-12-02 20:46:26 | Re: Trust intermediate CA for client certificates |