Ray Stell <stellr@cns.vt.edu> writes:
> Someone asked about ssl client cert auth recently. I got
> this to work, but something tripped me up.
> http://developer.postgresql.org/pgdocs/postgres/ssl-tcp.html
> states (very clearly, btw) that, "To require the client to supply a
> trusted certificate, place certificates of the certificate authorities
> (CAs) you trust in the file root.crt in the data directory." I had
> ASS-U-MEd that root.crt would go in .postgresql as it does for encryption.
> This begs the question, why two copies of the same file?
The one in ~/.postgresql is for client usage. The one in $PGDATA is for
the server's use. There's no reason to assume they'd be the same.
regards, tom lane