Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11

Yi Sun Wed, 01 Dec 2021 00:56:44 -0800

Hi Kyotaro,

We want to revoke server certificate, just don't know why doesn't take
affect
https://www.postgresql.org/docs/11/ssl-tcp.html
https://www.postgresql.org/docs/11/runtime-config-connection.html#GUC-SSL-CRL-FILE


Kyotaro Horiguchi <horikyota....@gmail.com> 于2021年12月1日周三 下午2:12写道：

> At Tue, 30 Nov 2021 21:53:06 +0800, Yi Sun <yina...@gmail.com> wrote in
> > # cat /home/sunyi/tls/root.crt /home/sunyi/tls/1/root.crl >
> /tmp/test_1.pem
> > # openssl verify -extended_crl -verbose -CAfile /tmp/test_1.pem
> -crl_check
> > /home/sunyi/tls/1/server.crt
>
> I guess what you really wanted to revoke was not server.crt but
> postgresql.crt.
>
> regards.
>
> --
> Kyotaro Horiguchi
> NTT Open Source Software Center
>

Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11

Reply via email to