On 05/26/20 00:07, Alvaro Herrera wrote: >> If the libpq root.crt file can be made to work similarly to a >> Java trustStore, that expands the possible solution space. > > If I understand you correctly, you want a file in which you drop any of > these intermediate CA's cert in, causing the server to trust a cert > emitted by that CA -- regardless of that CA being actually root.
Right: an intermediate cert, or a self-signed root cert, or even the end-entity (leaf) cert for a specific machine. You name it, if I put in in the trust store, and a connection verification starts with or leads to a cert that I put there, success. Regards, -Chap
