Re: Connection string parameter "sslrootcert" does not work
| От | Ed Hutchinson |
|---|---|
| Тема | Re: Connection string parameter "sslrootcert" does not work |
| Дата | |
| Msg-id | CAO99JCM_54=x=s4UZJGkREo+w07GObt8pd1ALDjQoxYsZ8TAdw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Connection string parameter "sslrootcert" does not work (Adrian Klaver <adrian.klaver@aklaver.com>) |
| Ответы |
Re: Connection string parameter "sslrootcert" does not work
(Adrian Klaver <adrian.klaver@aklaver.com>)
Re: Connection string parameter "sslrootcert" does not work ("Inoue, Hiroshi" <inoue@tpf.co.jp>) |
| Список | pgsql-odbc |
Thanks, Adrian.
Sorry, I should have provided more details.
1) Using this connection string on Windows:
DRIVER={PostgreSQL Unicode};DATABASE=dbedhTest;SERVER=edhpostgresql.cn4dj2uqcnwe.us-west-1.rds.amazonaws.com;UID=MyUser;PWD=********;PORT=5432;BOOLSASCHAR=0;LFCONVERSION=0;UseDeclareFetch=1;sslmode=verify-full;sslrootcert=D:\\temp\\rds-ssl-ca-cert.pem
I get back:
root certificate file \"C:\\Users\\edhutch\\AppData\\Roaming/postgresql/root.crt\" does not exist\nEither provide the file or change sslmode to disable server certificate verification.
2) Using this connection string on Windows:
DRIVER={PostgreSQL Unicode};DATABASE=dbedhTest;SERVER=edhpostgresql.cn4dj2uqcnwe.us-west-1.rds.amazonaws.com;UID=MyUser;PWD=********;PORT=5432;BOOLSASCHAR=0;LFCONVERSION=0;UseDeclareFetch=1;sslmode=verify-full;sslrootcert=D:/temp/rds-ssl-ca-cert.pem
I get back the same error:
root certificate file \"C:\\Users\\edhutch\\AppData\\Roaming/postgresql/root.crt\" does not exist\nEither provide the file or change sslmode to disable server certificate verification.
3) Using this connection string on Mac OS X:
DRIVER={PostgreSQL Unicode};DATABASE=dbedhTest;SERVER=edhpostgresql.cn4dj2uqcnwe.us-west-1.rds.amazonaws.com;UID=MyUser;PWD=********;PORT=5432;BOOLSASCHAR=0;LFCONVERSION=0;UseDeclareFetch=1;sslmode=verify-full;sslrootcert=/Users/edhutch/temp/rds-ssl-ca-cert.pem
I get back:
root certificate file \"/Users/edhutch/.postgresql/root.crt\" does not exist\nEither provide the file or change sslmode to disable server certificate verification.
When I rename the pem file to root.crt and place it in the default location that the driver expects, the connection goes through fine.
On Tue, Nov 11, 2014 at 7:10 AM, Adrian Klaver <adrian.klaver@aklaver.com> wrote:
On 11/10/2014 04:25 PM, Ed Hutchinson wrote:Hi,
I am using the psqlODBC driver to connect to Amazon RDS. I am able
to connect successfully after enabling SSL encryption via the connection
string parameter "sslmode=require". I want to now enable verification of
server identity too, which means that I need to provide the CA
certificate path to the Postgres driver. I tried the connection
parameters "sslmode=verify-full;sslrootcert=<path to CA file>", but the
driver is not able to pick up the file from the specified path (I tried
on Windows and Mac OS X). Things work, however, when the certificate is
placed in the default place the driver looks in -
%APPDATA%\Roaming\postgresql\root.crt on Windows; ~/.postgresql/root.crt
on Mac.
Is this a bug that needs to be fixed or am I doing something wrong?
I am using psqlodbc version 09_03_0300-1.
Not sure, how are you specifying the path to the certificate?--
Adrian Klaver
adrian.klaver@aklaver.com
В списке pgsql-odbc по дате отправления:
Следующее
От: Adrian KlaverДата:
Сообщение: Re: Connection string parameter "sslrootcert" does not work