On 12/02/2013 03:44 PM, Tom Lane wrote:
> Bruce Momjian <bruce@momjian.us> writes:
>> Let me ask a simple question --- can
>> you put only the client cert on the client (postgresql.crt) and only the
>> root cert on the server (root.crt), and will it work?
> Yes, that's surely always worked.
Not if the client has been signed by an intermediate CA, surely. Either
the server must have the intermediate CA cert in its root.crt or the
client must supply it along with the end cert.
cheers