> Also I'm guessing you have ssl = on in postgresql.conf and server cert
setup.
Sorry, here's a likely explaination from postgresql.conf
ssl = on
#ssl_ca_file = ''
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
#ssl_crl_file = ''
ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
I have no recollection of making those choices (or what I had for
breakfast).
If you want to enforce SSL then:
"
hostssl
This record matches connection attempts made using TCP/IP, but only
when the connection is made with SSL encryption.
Do you have any thoughts on question #2?
