Hi all,
I am unsure of how CRL works in PostgreSQL 9.3. I have a setup with multiple CA's issued by different root CA's that each may or may not issue a CRL. I am aware that in the postgresql.conf there is ssl_cert_file, and ssl_key_file which contains the unique (server) certificate and key. I am also aware of the ssl_ca_file which contains a file of the concatenated CA's. From the documentation the ssl_crl_file parameter requires a file with concatenated CRL's chained up to a root CA. My setup does not necessarily have the intermediate CA's and/or root CA's as only certain CA's can be trusted. Will an incomplete list of CRL's still work even if we have the issuing CA's used for verification? Also will this only work for a single root CA?
Regards,
Ansley