Re: Valid certificate reported as expired

2008-10-10 Thread Andrej Podzimek
Have you enabled CRL checking too? You can also get that if the nextUpdate time in a CRL has passed. That might explain things if the CRL runs for a month or so. WOW! That's it! Thank you so much! CRL expired exactly the day it stopped working. I did not know that a CRL could expire. Never exp

RE: Valid certificate reported as expired

2008-10-09 Thread Dave Thompson
> -Original Message-
> From: [EMAIL PROTECTED] On Behalf Of Andrej Podzimek
> Sent: Thursday, 09 October, 2008 10:39
>
> > Might be some STARTTLS equivalent but I'm not sure what it is for that
> > application.
>
> PostgreSQL always listens on one port. This is the only port I
> ever used

Re: Valid certificate reported as expired

2008-10-09 Thread Victor Duchovni
On Thu, Oct 09, 2008 at 10:19:58PM +0200, Andrej Podzimek wrote: > if (i < 0) > { > + FILE * f; > + f = fopen( "/tmp/CERTDUMP_EXPIRED", "w" ); > + PEM_write_X509( f, x ); > + fclose( f ); > ctx->error=X509_V_ERR_CERT
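Review bot: the result of fopen() is used unchecked in the lines added inside "if (i < 0)"; if the open fails, PEM_write_X509( f, x ) and fclose( f ) are both called with a NULL pointer. Guard the two calls with "if (f != NULL)". The fixed name /tmp/CERTDUMP_EXPIRED opened with "w" is also truncated on every failing verification, so only the last certificate survives, and a predictable file name in a shared directory is better replaced by a path in a directory that only the service account can write to.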

Re: Valid certificate reported as expired

2008-10-09 Thread Dr. Stephen Henson
On Thu, Oct 09, 2008, Andrej Podzimek wrote:
>> Then I suggest you run the following command on those systems too:
>> openssl verify -CAfile root.crt other.crt
>> Where "other.crt" is the EE certificate, server.crt or posgresql.crt
>
> Says OK on both machines.
>
>> In crypto/x509/x509_vfy.c the f

Re: Valid certificate reported as expired

2008-10-09 Thread Andrej Podzimek
Then I suggest you run the following command on those systems too: openssl verify -CAfile root.crt other.crt Where "other.crt" is the EE certificate, server.crt or posgresql.crt Says OK on both machines. In crypto/x509/x509_vfy.c the function check_cert_time() is the one you need. Around the

Re: Valid certificate reported as expired

2008-10-09 Thread Dr. Stephen Henson
On Thu, Oct 09, 2008, Andrej Podzimek wrote:
>> Hmmm Is that the right port for SSL/TLS if it is it looks like it isn't
>> just a case of connecting to the right port to get an SSL/TLS
>> connection. Might be some STARTTLS equivalent but I'm not sure what it is
>> for that applicati

Re: Valid certificate reported as expired

2008-10-09 Thread Victor Duchovni
On Thu, Oct 09, 2008 at 05:43:15PM +0200, Andrej Podzimek wrote:
> >When a PEM file holds multiple certificates (a chain), this command
> >only shows the first one. You need to break each of the ".crt" files
> >into separate files for each certificate, and look at those.
>
> The root.crt file hol

Re: Valid certificate reported as expired

2008-10-09 Thread Andrej Podzimek
On Thu, Oct 09, 2008 at 04:39:06PM +0200, Andrej Podzimek wrote: I only have one directory and one CA certificate. That makes the task simple. On the client: [EMAIL PROTECTED] .postgresql]$ openssl x509 -in postgresql.crt -text | grep Not Not Before: Mar 25 12:00:00 200

Re: Valid certificate reported as expired

2008-10-09 Thread Victor Duchovni
On Thu, Oct 09, 2008 at 04:39:06PM +0200, Andrej Podzimek wrote:
> I only have one directory and one CA certificate. That makes the task
> simple.
>
> On the client:
> [EMAIL PROTECTED] .postgresql]$ openssl x509 -in postgresql.crt -text | grep Not
> Not Before:

Re: Valid certificate reported as expired

2008-10-09 Thread Andrej Podzimek
Hmmm Is that the right port for SSL/TLS if it is it looks like it isn't just a case of connecting to the right port to get an SSL/TLS connection. Might be some STARTTLS equivalent but I'm not sure what it is for that application. PostgreSQL always listens on one port. This is the only po

Re: Valid certificate reported as expired

2008-10-09 Thread Dr. Stephen Henson
On Wed, Oct 08, 2008, Andrej Podzimek wrote:
>> Are any intermediate CA certificates involved?
>
> No. The CA is home-made, created using OpenSSL. It has a self-signed
> certificate.
>
>> This command will dump all certificates received:
>> openssl s_client -connect hostname:portnum -showcerts
>

Re: Valid certificate reported as expired

2008-10-08 Thread Andrej Podzimek
How about posting the certificate chain printed by -showcerts? If you don't get one, then it's entirely possible that you've got a problem on your server (such as not having the correct private key for the certificate). Well, that is possible, but not very probable. I am the only admin of the

Re: Valid certificate reported as expired

2008-10-08 Thread Kyle Hamilton
How about posting the certificate chain printed by -showcerts? If you don't get one, then it's entirely possible that you've got a problem on your server (such as not having the correct private key for the certificate). -Kyle H On Wed, Oct 8, 2008 at 2:16 PM, Andrej Podzimek <[EMAIL PROTECTED]>

Re: Valid certificate reported as expired

2008-10-08 Thread Andrej Podzimek
Are any intermediate CA certificates involved? No. The CA is home-made, created using OpenSSL. It has a self-signed certificate. This command will dump all certificates received: openssl s_client -connect hostname:portnum -showcerts [EMAIL PROTECTED] ~]$ openssl s_client -connect m

Re: Valid certificate reported as expired

2008-10-08 Thread Dr. Stephen Henson
On Wed, Oct 08, 2008, Andrej Podzimek wrote:
> Hello,
>
> both psql and pgAdmin refuse to connect to my PostgreSQL server using SSL.
> These two error messages alternate:
>
> SSL error: sslv3 alert certificate expired
> SSL error: certificate verify failed
>
> CA certificate is valid

Valid certificate reported as expired

2008-10-08 Thread Andrej Podzimek
Hello,

both psql and pgAdmin refuse to connect to my PostgreSQL server using SSL. These two error messages alternate:

SSL error: sslv3 alert certificate expired
SSL error: certificate verify failed

CA certificate is valid till 2011. Server certificate is valid till 2009. Client