On 2/15/21 8:23 AM, Laurenz Albe wrote:
> On Sat, 2021-02-13 at 09:57 -0700, Rob Sargent wrote:
>> I’m confused, as usual, about using a cert in a connection string. I wish to connect from a
>> “middleware” piece to PG on behalf of various clients. Does each client need a corresponding
>> cert/key or is the certification intended to say the sending machine is who it says it is
>> (thereby needing only one cert)?
>
> They can share one certificate.
>
> https://www.postgresql.org/docs/current/auth-cert.html:
>
> When using this authentication method, the server will require that the client provide a valid,
> trusted certificate. No password prompt will be sent to the client. The cn (Common Name)
> attribute of the certificate will be compared to the requested database user name, and if they
> match the login will be allowed.
>
> Yours,
> Laurenz Albe
>
Thank you.
Since I wish to make the jdbc connection using the role's login (for
search_path), I take it I will make role-specific certs, setting the CN
accordingly. (I do know which role I need for each connection request
and can set the dbname as well).
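
Added example, not part of the original thread: one way to issue a client certificate per role with the CN set to the role name, as `cert` authentication requires, and to check the result before deploying it. The CA subject, role names and directory layout are constructed placeholders; the PKCS-8 DER conversion is included because PgJDBC reads the client key in that format.

```shell
# Added example: one client certificate per PostgreSQL role, CN = role name.
# The CA subject, role names and file layout are constructed placeholders.

make_ca() {            # $1 = output directory for ca.key / ca.crt
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Client CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_role_cert() {    # $1 = directory holding the CA, $2 = role name
    dir=$1 role=$2
    # Accept only plain identifiers so the CN is exactly the role name
    case $role in ''|*[!a-z0-9_]*) echo "bad role name: $role" >&2; return 1 ;; esac
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$role" \
        -keyout "$dir/$role.key" -out "$dir/$role.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/$role.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 90 -out "$dir/$role.crt" 2>/dev/null &&
    # PgJDBC expects the key as PKCS-8 DER rather than the PEM openssl writes
    openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \
        -in "$dir/$role.key" -out "$dir/$role.pk8" &&
    chmod 600 "$dir/$role.key" "$dir/$role.pk8"
}

cert_cn() {            # print the CN of the certificate in file $1
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

check_role_cert() {    # $1 = directory, $2 = role: chain verifies and CN equals the role
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1 &&
    [ "$(cert_cn "$1/$2.crt")" = "$2" ]
}
```

The middleware would then pass `<role>.crt` as `sslcert` and `<role>.pk8` as `sslkey` in the JDBC connection properties, with `user` set to the same role name.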