On Thu, Oct 09, 2008 at 04:39:06PM +0200, Andrej Podzimek wrote:
I only have one directory and one CA certificate. That makes the task
simple.
On the client:
[EMAIL PROTECTED] .postgresql]$ openssl x509 -in postgresql.crt -text
| grep Not
Not Before: Mar 25 12:00:00 2008 GMT
Not After : Mar 25 12:00:00 2009 GMT
[EMAIL PROTECTED] .postgresql]$ openssl x509 -in root.crt -text | grep
Not
Not Before: Nov 12 16:03:00 2006 GMT
Not After : Nov 11 16:03:00 2011 GMT
On the server:
[EMAIL PROTECTED] data]# openssl x509 -in server.crt -text | grep Not
Not Before: Jul 23 09:20:00 2008 GMT
Not After : Jul 23 09:20:00 2009 GMT
[EMAIL PROTECTED] data]# openssl x509 -in root.crt -text | grep Not
Not Before: Nov 12 16:03:00 2006 GMT
Not After : Nov 11 16:03:00 2011 GMT
When a PEM file holds multiple certificates (a chain), this command
only shows the first one. You need to break each of the ".crt" files
into separate files for each certificate, and look at those.
The root.crt file holds exactly one self-signed CA certificate. This CA was
then used to create postgresql.crt and server.crt. Each file contains exactly
one certificate. There are no chains.
There is only one block like this in each file:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Should I try to append the CA certificate to the server and client certificate
files? Some apps require this, but PostgreSQL worked just fine without it till
the beginning of October.
Andrej
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
