Cert verify failed on client side after renewal of certs

Поиск
Список
Период
Сортировка
От Axel Rau
Тема Cert verify failed on client side after renewal of certs
Дата
Msg-id EDEF718B-B5CE-464C-AFE2-CAAAE6A0B8A5@chaos1.de
обсуждение исходный текст
Ответы Re: Cert verify failed on client side after renewal of certs  (Axel Rau <Axel.Rau@Chaos1.DE>)
Список pgsql-admin
Hi all,

I’m getting
    psql: SSL error: certificate verify failed
after renewing server and client certs.
Both certs are validated ok by openssl:
- - -
openssl verify -verbose -CAfile ca_cert.pem -purpose sslserver /usr/local/pgsql/data-l/db1.in.chaos1.de_server_cert.pem
/usr/local/pgsql/data-l/db1.in.chaos1.de_server_cert.pem: OK
- - -
openssl verify -verbose -CAfile ca_cert.pem -purpose sslclient db1.in.chaos1.de_server_cert.pem
db1.in.chaos1.de_server_cert.pem: OK
- - -
x509 extensions of server cert are
- - -
            X509v3 Subject Key Identifier:
                E2:F8:B9:D0:94:F2:70:BD:BE:84:EE:5C:7B:45:95:47:E4:9F:49:3B
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication
            X509v3 Subject Alternative Name: critical
                DNS:some.host, DNS:another host
- - -
and of client cert
- - -
            X509v3 Subject Key Identifier:
                E2:F8:B9:D0:94:F2:70:BD:BE:84:EE:5C:7B:45:95:47:E4:9F:49:3B
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: critical
                TLS Web Client Authentication
            X509v3 Subject Alternative Name: critical
                DNS:some.host, DNS:another host
- - -
How can this be?
What am I doing wrong?

Axel
PS: This is still this issue:
    http://article.gmane.org/gmane.comp.db.postgresql.admin/38559
—
PGP-Key:29E99DD6  ☀ +49 151 2300 9283  ☀ computing @ chaos claudius



В списке pgsql-admin по дате отправления:

Предыдущее
От: Guillaume Lelarge
Дата:
Сообщение: Re: Standby is not removing restored WAL segments
Следующее
От: "Huang, Suya"
Дата:
Сообщение: Re: How to interpret view pg_stat_bgwriter