The following bug has been logged online:
Bug reference: 4455
Logged by: Andrej Podzimek
Email address: andrej@podzimek.org
PostgreSQL version: 8.3.3
Operating system: Linux 2.6.26.5
Description: Valid SSL certificate reported as expired
Details:
Hello,
both psql and pgAdmin refuse to connect to my server using SSL, with this
inexplicable error message:
Error connecting to the server: SSL error: sslv3 alert certificate
expired
CA certificate is valid till 2011.
Server certificate is valid till 2009.
Client certificate is valid till 2009.
So the error message is obviously a nonsense.
In fact, the whole story is a little bit more complicated:
1) I enabled OpenSSL for psql and pgAdmin in June 2008. It worked.
2) It stopped working (for the first time) at the end of August, with the
error message mentioned above (certificate expired).
3) Adding the CA certificate and CRL on the *client* side fixed this,
amazingly.
4) Then it worked for about one month, till the beginning of October.
5) Stopped working again about two days ago. The same error message.
This seems inexplicable to me: Certificate and key files still in place,
computer clocks OK and it just stopped working. Should I try an older
version of OpenSSL?
All other programs based on OpenSSL work just fine. Is it possible to get
more log messages somehow? The client says the certificate has expired. The
server says that the client did not provide any certificate. But nobody says
*which* certificate expired. (AFAIK, all of them are valid. Checked that
twice.)
I tried to log in from a remote computer, then from the LAN and locally. The
same nonsense was âreportedâ each time.
Both psql and pgAdmin behave that way. The only difference is that psql
prefers IPv6, whereas pgAdmin only connects through IPv4.
Thank you in advance for any piece of advice.
Andrej