Re: [GENERAL] Postgresql and SSL

2007-09-21 Thread Albe Laurenz
Jorge Godoy wrote:
> I'll have to dig if the libraries I use support that. It
> would be much more interesting changing certificates once
> a year than hardcoding passwords on code...

But remember that you will still be asked for a password unless you use trust authentication.

Yours, Laurenz Alb

Re: [GENERAL] Postgresql and SSL

2007-09-20 Thread Jorge Godoy
On Thursday 20 September 2007 11:41:00 Tom Lane wrote:
> "Albe Laurenz" <[EMAIL PROTECTED]> writes:
> > Jorge Godoy wrote:
> >> Even though one can require connections using only SSL on the
> >> server side, I don't see a method (in pg_hba.conf) that
> >> would allow clients with SSL certificates.

Re: [GENERAL] Postgresql and SSL

2007-09-20 Thread Tom Lane
"Albe Laurenz" <[EMAIL PROTECTED]> writes:
> Jorge Godoy wrote:
>> Even though one can require connections using only SSL on the
>> server side, I don't see a method (in pg_hba.conf) that
>> would allow clients with SSL certificates.
> Nor do I.

If you mean *require* clients to have certificates,

Re: [GENERAL] Postgresql and SSL

2007-09-20 Thread Albe Laurenz
Jorge Godoy wrote:
>> What does pg_hba.conf look like?
>
> I don't know if I misunderstood him, but I thought he was
> willing to have SSL on both sides, i.e., both the client
> and the server identify themselves through SSL certificates.

I had the same impression.

> Even though one can require c

Re: [GENERAL] Postgresql and SSL

2007-09-20 Thread Jorge Godoy
On Thursday 20 September 2007 05:15:39 Albe Laurenz wrote:
> > What does pg_hba.conf look like?

I don't know if I misunderstood him, but I thought he was willing to have SSL on both sides, i.e., both the client and the server identify themselves through SSL certificates. Even though one can requ

Re: [GENERAL] Postgresql and SSL

2007-09-20 Thread Albe Laurenz
Benjamin Smith wrote:
> But I am stumped as to how to create a client certificate
> that's enforced!
>
> I tried the instructions found
> http://marc.info/?l=tomcat-user&m=106293430225790&w=2
>
> and used the "ca.pem" created there as the postgres root.crt
> and although the PG daemon no long

[GENERAL] Postgresql and SSL

2007-09-19 Thread Benjamin Smith
I'm using 8.1 RPMs for CentOS and so far, it's been great. Now, I'm going to enable SSL. I had no trouble with the instructions on the documentation for server-only certificates, and verified that psql (Linux) acknowledges the SSL connection. But I am stumped as to how to create a client cert