From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
---|---|
To: | "Corbit, Dann" <Dann(dot)Corbit(at)softwareag(dot)com>, PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Cc: | "Luton, Bill" <Bill(dot)Luton(at)softwareag(dot)com>, "Fifer, Brian" <Brian(dot)Fifer(at)softwareag(dot)com>, "Lao, Alexander" <Alexander(dot)Lao(at)softwareag(dot)com> |
Subject: | Re: Connection using ODBC and SSL |
Date: | 2020-11-21 19:14:22 |
Message-ID: | c40ab18f-3c1b-3c9c-dcd3-d307f1437b56@dunslane.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 11/20/20 4:54 PM, Corbit, Dann wrote:
>
> I would like to have all my certificates and keys on the same machine
> (localhost for local connections and dcorbit for tcp/ip).
> I found a couple tutorials and tried them but it failed.
> I saw one document that said the common name should be the postgres
> user name and that it should also be the connecting machine name. Is
> that correct?
> Is there a document or tutorial that explains the correct steps?
I did a webinar about a year ago that went into some detail about what
you need in the CN, where the certificates go, etc.
See
<https://resources.2ndquadrant.com/using-ssl-with-postgresql-and-pgbouncer>
(Yes, this is a corporate webinar, sorry about that)
> Equally important, is there a way to get more complete diagnostics
> when something goes wrong (like WHY did the certificate verify fail)?
>
The diagnostics in the Postgres log are usually fairly explanatory.
cheers
andrew
From | Date | Subject | |
---|---|---|---|
Next Message | Alvaro Herrera | 2020-11-21 19:32:06 | bug in pageinspect's "tuple data" feature |
Previous Message | Andres Freund | 2020-11-21 18:33:58 | Re: Removal of currtid()/currtid2() and some table AM cleanup |