I figured out that my TLS version was too low in the libpq call and increased it to TLS v1.1 Should I go to 1.2? I am wondering because I do not want to limit compatibility.
Once I got past that hurdle, I am getting the error "ssl error: the certificate verify failed" Since I built the certificates myself self-signed, I am assuming I did something that Postgres does not like. I should mention that I am using the Windows environment for testing (I will test Linux after Windows succeeds). I would like to have all my certificates and keys on the same machine (localhost for local connections and dcorbit for tcp/ip). I found a couple tutorials and tried them but it failed. I saw one document that said the common name should be the postgres user name and that it should also be the connecting machine name. Is that correct? Is there a document or tutorial that explains the correct steps? Equally important, is there a way to get more complete diagnostics when something goes wrong (like WHY did the certificate verify fail)?
