Hello,

I have been using PgAdmin III with SSL for a couple of months. I set up
certificates for both the server and the client, valid until March 2009.
Everything worked fine.

Now the bad news: PgAdmin refuses to connect since yesterday, with this
error message:

   Error connecting to the server: SSL error: sslv3 alert certificate expired

This is obviously a nonsense, as both certificates are valid and system
clocks on both computers show correct date and time. I even restarted the
PostgreSQL server, which did not help.

Using PostgreSQL 8.3.3, compiled --with-openssl.

Best regards,

Andrej Podzimek

Sorry for answering my own message, but the bug is still there... This is a
real showstopper. What could be wrong?

The message comes from OpenSSL/libpq - pgAdmin just displays it for
you. I have no idea why OpenSSL would think your certificate had
expired unless it had. Could it be that the issuing CA certificate has
expired?

No, that's my home-made CA, with a certificate valid until 2011...

In fact, the whole story is a little bit more complicated:

1) I enabled OpenSSL for psql and pgAdmin in June 2008.
2) It stopped working (for the first time) at the end of August, with the 
stupid error message (expired certificate).
3) Adding the CA certificate and CRL on the *client* side fixed this, amazingly.
4) Then it worked for about one month, till the beginning of October.
5) Stopped working again about two days ago. The same error message.

This seems inexplicable to me: Certificate and key files still in place, 
computer clocks OK and it just stopped working. Should I try an older version 
of OpenSSL?

All other programs based on OpenSSL work just fine. Is it possible to get more 
log messages somehow? The client says certificate has expired. The server says 
that the client did not provide any certificate. The client certificate is 
valid until 2009 and so is the server certificate.

I tried to log in from a remote computer, then from the LAN and locally. The 
same nonsense was „reported“ each time.

Andrej
