| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Greg Stark <stark(at)mit(dot)edu>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | thomas(at)habets(dot)se, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert |
| Date: | 2021-09-19 21:04:24 |
| Message-ID: | cfdfabb2-0af0-7a91-9d47-1dfe3195c754@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 9/17/21 5:35 PM, Greg Stark wrote:
> Hm. Let's Encrypt's FAQ tells me I'm on the right track with that
> question but the distinctinos are far more coarse than I was worried
> about:
>
>
> Does Let’s Encrypt issue certificates for anything other than SSL/TLS
> for websites?
>
> Let’s Encrypt certificates are standard Domain Validation
> certificates, so you can use them for any server that uses a domain
> name, like web servers, mail servers, FTP servers, and many more.
>
> Email encryption and code signing require a different type of
> certificate that Let’s Encrypt does not issue.
Presumably this should be a certificate something like our client certs,
where the subject designates a user id or similar (e.g. an email
address) rather than a domain name.
cheers
andrew
--
Andrew Dunstan
EDB: https://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jonathan S. Katz | 2021-09-19 21:45:32 | Re: Release 14 Schedule |
| Previous Message | Corey Huinker | 2021-09-19 21:01:49 | Re: Undocumented AT TIME ZONE INTERVAL syntax |