Re: Connection using ODBC and SSL

Thank you for the assistance.

________________________________
From: Andrew Dunstan <andrew(at)dunslane(dot)net>
Sent: Saturday, November 21, 2020 11:14
To: Corbit, Dann <Dann(dot)Corbit(at)softwareag(dot)com>; PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Cc: Luton, Bill <Bill(dot)Luton(at)softwareag(dot)com>; Fifer, Brian <Brian(dot)Fifer(at)softwareag(dot)com>; Lao, Alexander <Alexander(dot)Lao(at)softwareag(dot)com>
Subject: Re: Connection using ODBC and SSL

On 11/20/20 4:54 PM, Corbit, Dann wrote:
>
> I would like to have all my certificates and keys on the same machine
> (localhost for local connections and dcorbit for tcp/ip).
> I found a couple tutorials and tried them but it failed.
> I saw one document that said the common name should be the postgres
> user name and that it should also be the connecting machine name. Is
> that correct?
> Is there a document or tutorial that explains the correct steps?

I did a webinar about a year ago that went into some detail about what
you need in the CN, where the certificates go, etc.

See
<https://resources.2ndquadrant.com/using-ssl-with-postgresql-and-pgbouncer>
(Yes, this is a corporate webinar, sorry about that)

> Equally important, is there a way to get more complete diagnostics
> when something goes wrong (like WHY did the certificate verify fail)?
>

The diagnostics in the Postgres log are usually fairly explanatory.

cheers

andrew