Hi Kyotaro >From the description, seems ~/.postgresql/root.crl is store client revoked certificate
https://www.postgresql.org/docs/11/libpq-ssl.html ~/.postgresql/root.crl certificates revoked by certificate authorities server certificate must not be on this list Just don't know why server parameter ssl_crl_file parameter configured but don't take affect https://www.postgresql.org/docs/11/runtime-config-connection.html#GUC-SSL-CRL-FILE ssl_crl_file (string) Specifies the name of the file containing the SSL server certificate revocation list (CRL). Relative paths are relative to the data directory. This parameter can only be set in the postgresql.conf file or on the server command line. The default is empty, meaning no CRL file is loaded.
