Hi again, Martin Pitt [2005-07-21 0:09 +0200]: > Hi Andreas! > > Andreas Pakulat [2005-07-20 17:30 +0200]: > > > However, I'm not sure whether it makes sense to ship a default > > > root.crt. What do you think? > > > > I don't think so either. Correct me if I'm wrong but normally you would > > have certificates for each client and put them onto the server (as > > root.crt) right? > > That's what I understood.
That was wrong, sorry. root.crt does not contain the client certs, but one or more certificates client certs must be *signed with* to be accepted. In this sense I think that root.crt being the same as postgresql.crt would indeed be a sane default. Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org
signature.asc
Description: Digital signature
