| From: | Valere Binet <valere(dot)binet(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-admin(at)lists(dot)postgresql(dot)org |
| Subject: | Re: FATAL: connection requires a valid client certificate |
| Date: | 2025-06-20 17:24:44 |
| Message-ID: | CAJn2Pj=E0kS5aQAd=mek=atZPA0iHz9dvk-VU0Xo2=+eiJZ7ow@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Thank you Tom,
I already had the full path for the root certificate, sorry I got lazy
retyping the command on my personal computer.
After also entering the full path for sslcert and sslkey, I'm getting
"sslv3 alert certificate expired".
Now I just need to figure out which one but I already have a pretty good
idea.
Thank you again! Regards,
Valère
On Fri, Jun 20, 2025 at 12:02 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Valere Binet <valere(dot)binet(at)gmail(dot)com> writes:
> > I'm completely new to postgresql and I'm struggling with its SSL
> > configuration.
>
> It sounds like you have the right certs in the right files.
> I wonder though whether the client is actually picking up the
> client-side cert/key.
>
> In particular, a quick look at the libpq source code indicates
> that it doesn't have any mechanism for expanding "~" in the sslcert
> etc. parameters: you need to write out the full path verbatim.
> (But it also looks like you should have gotten an error about
> not finding the sslrootcert file, so I'm not quite sure if this
> theory is correct.)
>
> Another thing to look into is whether the order of the certs
> in the multi-cert files matters.
>
> regards, tom lane
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Edwin UY | 2025-06-21 10:10:52 | pg_restore Question |
| Previous Message | Tom Lane | 2025-06-20 16:02:46 | Re: FATAL: connection requires a valid client certificate |