At Fri, 3 Dec 2021 15:41:51 +0800, Yi Sun wrote in
> Hi Kyotaro,
>
> Thank you for your explanation, after putting the crl file to client, it
> works now, thanks.
Good to hear that. That portion of the documentation has been fixed on
the repository, and it will be released in the next minor rel
Hi Kyotaro,
Thank you for your explanation, after putting the crl file to client, it
works now, thanks.
Kyotaro Horiguchi wrote on Thu, Dec 2, 2021 at 12:46 PM:
> Hi.
>
> At Thu, 2 Dec 2021 11:31:26 +0800, Yi Sun wrote in
> > Hi Kyotaro
> >
> > From the description, seems ~/.postgresql/root.crl is store c
Hi.
At Thu, 2 Dec 2021 11:31:26 +0800, Yi Sun wrote in
> Hi Kyotaro
>
> From the description, seems ~/.postgresql/root.crl is store client
> revoked certificate
No. Revocation is checked on the peer. There's no point for a server
to check for revocation of its own certificate, and actually
Hi Kyotaro
From the description, seems ~/.postgresql/root.crl is store client
revoked certificate
https://www.postgresql.org/docs/11/libpq-ssl.html
~/.postgresql/root.crl certificates revoked by certificate authorities server
certificate must not be on this list
Just don't know why server para
At Wed, 1 Dec 2021 16:56:11 +0800, Yi Sun wrote in
> We want to revoke server certificate, just don't know why doesn't take
> effect
> https://www.postgresql.org/docs/11/ssl-tcp.html
> https://www.postgresql.org/docs/11/runtime-config-connection.html#GUC-SSL-CRL-FILE
Understood. ~/.postgresq/ro
Hi Kyotaro,
We want to revoke server certificate, just don't know why doesn't take
effect
https://www.postgresql.org/docs/11/ssl-tcp.html
https://www.postgresql.org/docs/11/runtime-config-connection.html#GUC-SSL-CRL-FILE
Kyotaro Horiguchi wrote on Wed, Dec 1, 2021 at 2:12 PM:
> At Tue, 30 Nov 2021 21:53:06 +
At Tue, 30 Nov 2021 21:53:06 +0800, Yi Sun wrote in
> # cat /home/sunyi/tls/root.crt /home/sunyi/tls/1/root.crl > /tmp/test_1.pem
> # openssl verify -extended_crl -verbose -CAfile /tmp/test_1.pem -crl_check
> /home/sunyi/tls/1/server.crt
I guess what you really wanted to revoke was not server.cr
Hi Gabriel,
Thank you.
I copied root.crl again and reload postgresql
-bash-4.2$ ls -alrt /var/lib/pgsql/tls
total 24
-rw-r- 1 postgres postgres 1168 Nov 30 04:20 server.crt
-rw--- 1 postgres postgres 1679 Nov 30 04:20 server.key
-rw-r- 1 postgres postgres 688 Nov 30 04:20 root.crt
-
On 30/11/2021 at 10:53, Yi Sun wrote:
Hi All,
OS: CentOS 7.6
PG: 11.11
Our env already configured ssl
--server postgresql.conf
ssl = 'on'
ssl_ca_file = '/var/lib/pgsql/tls/root.c
Hi All,
OS: CentOS 7.6
PG: 11.11
Our env already configured ssl
--server postgresql.conf
ssl = 'on'
ssl_ca_file = '/var/lib/pgsql/tls/root.crt'
ssl_cert_file = '/var/lib/pgsql/tls/server.crt'
ssl_key_file = '/var/lib/pgsql/tls/server.key'
--client configuration
$ ls -alrt /var/lib/pgsql/.postgre