Re: ssl client cert authentication

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: ssl client cert authentication
Дата
Msg-id 22758.1288629993@sss.pgh.pa.us
обсуждение исходный текст
Ответ на ssl client cert authentication  (Ray Stell <stellr@cns.vt.edu>)
Ответы Re: ssl client cert authentication  (Ray Stell <stellr@cns.vt.edu>)
Список pgsql-admin
Ray Stell <stellr@cns.vt.edu> writes:
> Someone asked about ssl client cert auth recently.  I got
> this to work, but something tripped me up.

> http://developer.postgresql.org/pgdocs/postgres/ssl-tcp.html

> states (very clearly, btw) that, "To require the client to supply a
> trusted certificate, place certificates of the certificate authorities
> (CAs) you trust in the file root.crt in the data directory."  I had
> ASS-U-MEd that root.crt would go in .postgresql as it does for encryption.

> This begs the question, why two copies of the same file?

The one in ~/.postgresql is for client usage.  The one in $PGDATA is for
the server's use.  There's no reason to assume they'd be the same.

            regards, tom lane

В списке pgsql-admin по дате отправления:

Предыдущее
От: Ray Stell
Дата:
Сообщение: ssl client cert authentication
Следующее
От: Ray Stell
Дата:
Сообщение: Re: ssl client cert authentication