Someone asked about ssl client cert auth recently. I got
this to work, but something tripped me up.
http://developer.postgresql.org/pgdocs/postgres/ssl-tcp.html
states (very clearly, btw) that, "To require the client to supply a
trusted certificate, place certificates of the certificate authorities
(CAs) you trust in the file root.crt in the data directory." I had
ASS-U-MEd that root.crt would go in .postgresql as it does for encryption.
This begs the question, why two copies of the same file?