David,
We've had to do this a couple of times for a handful of our Java developer clients - as I recall, we googled our way to the solution pretty easily...

But, from the wording of your message, it sounds like you may be conflating a couple of different things. The certificate and key will be unique to the server, and for each client.

The way to think about it: The 'key' file is the unique identity for each 'entity' in your environment, from which all else flows. The 'root' certificate may well be common to all entities; sounds like this is the case you are setting up. You may then specify - if your design dictates it - that each client certificate be _signed_ by the same root certificate. There are a few permutations in there, to be thought about.

What you would _not_ be doing is using the same key(s) and cert(s) on both server and client(s).

Did not see you at PG East last week?

Lou Picciano

----- Original Message -----
From: "David Patricola" <david.patric...@jefferson.edu>
To: openssl-users@openssl.org
Sent: Tuesday, March 29, 2011 1:16:03 PM
Subject: Truststore or Cacerts file?

I have a postgres server running in SSL, and set up the self-signed certificates and key on this box as well. I need to install these certificates on a client Java box’s (actually running ColdFusion 8) keystore. Out of postgresql.crt, root.crt and postresql.key, which files do I store? And do they go into the default cacerts file or create a truststore?

David Patricola | Senior Cold Fusion Developer | Web Applications & Services | Jefferson Information Technologies
Thomas Jefferson University | Philadelphia, PA | 215.503.1715 (Office)
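
Added example (not part of the original thread): the layout described in the reply above, with one root certificate common to all entities and a separate key and certificate for the server and for the client, both signed by that root, built with the openssl command line. The subject names (demo-root, demo-server, demo-client), file names and helper functions are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration; all names and paths here are constructed for the demo.
set -eu

# Build a small PKI in directory $1: one root, plus a server and a client
# that each own a distinct private key and a certificate signed by the root.
make_pki() {
    dir=$1
    mkdir -p "$dir"
    # Root: its self-signed certificate is the piece common to all entities.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=demo-root" \
        -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null
    for name in server client; do
        # Each entity generates its own key and a signing request ...
        openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$name" \
            -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
        # ... and the root signs the request, producing that entity's cert.
        openssl x509 -req -in "$dir/$name.csr" -days 30 \
            -CA "$dir/root.crt" -CAkey "$dir/root.key" -CAcreateserial \
            -out "$dir/$name.crt" 2>/dev/null
    done
}

# Succeeds only if certificate $2 chains to root certificate $1.
chains_to_root() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# SHA-256 fingerprint of the public key inside certificate $1,
# used to show that server and client do not share a key.
pubkey_fp() {
    openssl x509 -in "$1" -noout -pubkey | openssl sha256 | awk '{print $NF}'
}
```

Of the files produced, only root.crt is the common piece another party needs in order to trust these certificates; each .key file stays with the entity it identifies.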