Re: configuring openssl for postgres 9.2 for the first time

On Jan 30, 2014, at 2:00 PM, Mark Steben <mark.steben@drivedominion.com> wrote:

Hello,

We are looking to provide openssl methodology into our testing environment.  I've run into this issue

when attempting to access from a client to a remote postgres server after SSL configuration:

from client 10.10.4.34:
psql -U postgres marktst -h 10.10.4.52
psql: FATAL:  no pg_hba.conf entry for host "10.10.4.34", user "postgres", database "marktst", SSL off

You might back off from ssl, client authentication just to see what happens with:

hostssl  all                all          0.0.0.0/0             md5 clientcert=1

this will provide the client auth of the server and require a password auth for the client.  Hopefully that works first.  I've seen your msg and had some effect with the following env variable, but it's probably a long shot: 

"PGSSLMODE behaves the same as the sslmode"

http://www.postgresql.org/docs/9.3/static/libpq-envars.html

PGSSLMODE=verify-full will cause the client to verify that the CN on the server certificate matches the hostname of the server.  disable will only try a non-SSL connection which will not be compatible with the pg_hba config.

It is a bit of a fishing expedition.