I'm trying to follow instrux in V12:18.9.5 Creating Certificates. [1]

I'm stuck in my basement so all references to "/CN=FQN" have been set to $(hostname), just the hostname, because $(domainname) returns "(none)" which I presume is akin to null.

With my newly minted certs and keys using psql (to either $(hostname) or localhost) I get the "SSL connection (protocol: TLSv1.3...)" message, so long as I have an empty ~/.postgresql directory. If I copy the generated root.crt to ~/.postgresql (chown me.me; chmod 400) I get a plain connection (no ssl).

With root.crt in ~/.postgresql, testing the jdbc connection from a tomcat server generates this failure (again either localhost or $(hostname)):

Blow out on db connection to jdbc:postgresql://localhost:5432/postgres; SSL error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
org.postgresql.util.PSQLException: SSL error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Is this a pkcs v. pem cat fight? Or is there enough here to tell which step went south, or just start over?

[1] https://www.postgresql.org/docs/12/ssl-tcp.html

