| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | "Corbit, Dann" <Dann(dot)Corbit(at)softwareag(dot)com>, PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Cc: | "Luton, Bill" <Bill(dot)Luton(at)softwareag(dot)com>, "Fifer, Brian" <Brian(dot)Fifer(at)softwareag(dot)com>, "Lao, Alexander" <Alexander(dot)Lao(at)softwareag(dot)com> |
| Subject: | Re: Connection using ODBC and SSL |
| Date: | 2020-11-21 19:14:22 |
| Message-ID: | c40ab18f-3c1b-3c9c-dcd3-d307f1437b56@dunslane.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 11/20/20 4:54 PM, Corbit, Dann wrote:
>
> I would like to have all my certificates and keys on the same machine
> (localhost for local connections and dcorbit for tcp/ip).
> I found a couple tutorials and tried them but it failed.
> I saw one document that said the common name should be the postgres
> user name and that it should also be the connecting machine name. Is
> that correct?
> Is there a document or tutorial that explains the correct steps?
I did a webinar about a year ago that went into some detail about what
you need in the CN, where the certificates go, etc.
See
<https://resources.2ndquadrant.com/using-ssl-with-postgresql-and-pgbouncer>
(Yes, this is a corporate webinar, sorry about that)
> Equally important, is there a way to get more complete diagnostics
> when something goes wrong (like WHY did the certificate verify fail)?
>
The diagnostics in the Postgres log are usually fairly explanatory.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2020-11-21 19:32:06 | bug in pageinspect's "tuple data" feature |
| Previous Message | Andres Freund | 2020-11-21 18:33:58 | Re: Removal of currtid()/currtid2() and some table AM cleanup |