Hi,
I am trying to generate self-signed certificate for full ssl authentication. I need to have universal version of this
certificatefor development purposes (so any client can connect with any postgresql server with ssl on and verify-full
flag).
I am using IP while connecting, I mean host=<IP>.
However verify-full connection works only in case "Common Name" in certificate contains only fully qualified IP
address,when I try to set CN as * (asterisk) I receive error:
server common name "*" does not match hostname "my_ip"
According to the documentation here : http://www.postgresql.org/docs/current/static/libpq-ssl.html
"If the connection is made using an IP address instead of a host name, the IP address will be matched (without doing
anyDNS lookups). "
Would you please advise what I am doing wrong? Or maybe there is other way to generate wildcard certificate ? Or maybe
thisis a possible bug?
Thanks in advance !
Joanna