Re: [GENERAL] SSL certificates issue

2011-09-07 Thread Andrew Sullivan
On Wed, Sep 07, 2011 at 04:37:24PM +0200, Asia wrote: > put top-level CA cert from CA having two certs in root.crt [. . .] > how libpq works with chained CA's. "Two certs" and "chained CAs" are completely different problems. What are you trying to do, exactly? A -- Andrew Sullivan a...@cran

Re: [GENERAL] SSL certificates issue

2011-09-07 Thread Radosław Smogura
Asia Wednesday 07 of September 2011 16:00:39 > > I personally haven't tried SSL for PostgreSQL but, I think, You should > > put in root.crt only intermediate certificate (C1 - from prev post), so > > all and only all "sub-certs" of intermediate CA will be able to > > establish connection (paranoic

Re: [GENERAL] SSL certificates issue

2011-09-07 Thread Tom Lane
Asia writes: > I have a feeling that jdbc list is not the right list to ask why libpq does > not work when I > put top-level CA cert from CA having two certs in root.crt while you stated > it would be > proper configuration. What is a "CA having two certs"? AFAIK, there is no such animal.

Re: [GENERAL] SSL certificates issue

2011-09-07 Thread Asia
I have a feeling that jdbc list is not the right list to ask why libpq does not work when I put top-level CA cert from CA having two certs in root.crt while you stated it would be proper configuration. There are 2 related threads here: one with consistency between libpq and jdbc driver and the

Re: [GENERAL] SSL certificates issue

2011-09-07 Thread Tom Lane
Asia writes: > The problem is that I believe that this configuration could be better but I > cannot put part > of CA chain in root.crt as it was advised. > For Java it all depends on current SSL Factory implementation, I was using > the default one. > If I wrote my own implementation I would pr

Re: [GENERAL] SSL certificates issue

2011-09-07 Thread Asia
> > I personally haven't tried SSL for PostgreSQL but, I think, You should > put in root.crt only intermediate certificate (C1 - from prev post), so > all and only all "sub-certs" of intermediate CA will be able to > establish connection (paranoic security). > > Putting intermediate CAs as tru

Re: [GENERAL] SSL certificates issue

2011-09-07 Thread Adrian Klaver
On Wednesday, September 07, 2011 4:49:30 am Asia wrote: > > The problem is that I believe that this configuration could be better but I > cannot put part of CA chain in root.crt as it was advised. > For Java it all depends on current SSL Factory implementation, I was using > the default one. If I

Re: [GENERAL] SSL certificates issue

2011-09-07 Thread Radosław Smogura
On Wed, 07 Sep 2011 13:49:30 +0200, Asia wrote: I think problem is as follows, server sends to client certificates it can accept (as accepted parents), without intermediate CA, Java sees only top-level cert and tries to find client cert issued directly by top-level CA, I may only assume, that

Re: [GENERAL] SSL certificates issue

2011-09-07 Thread Asia
> > I think problem is as follows, server sends to client certificates it > can accept (as accepted parents), without intermediate CA, Java sees > only top-level cert and tries to find client cert issued directly by > top-level CA, I may only assume, that without intermediate CA you will > be

Re: [GENERAL] SSL certificates issue

2011-09-07 Thread Radosław Smogura
On Wed, 07 Sep 2011 12:03:45 +0200, Asia wrote: Asia writes: > I would expect to have only one top-level CA cert in server's and client's root.crt and it was not possible to configure with 2-level intermediate CA. This seems a little confused, since in your previous message you stated that

Re: [GENERAL] SSL certificates issue

2011-09-07 Thread Asia
> Asia writes: > > I would expect to have only one top-level CA cert in server's and client's > > root.crt and it was not possible to configure with 2-level intermediate CA. > > This seems a little confused, since in your previous message you stated > that libpq worked correctly and JDBC did no

Re: [GENERAL] SSL certificates issue

2011-09-05 Thread Tom Lane
Asia writes: > I would expect to have only one top-level CA cert in server's and client's > root.crt and it was not possible to configure with 2-level intermediate CA. This seems a little confused, since in your previous message you stated that libpq worked correctly and JDBC did not, and now y

Re: [GENERAL] SSL certificates issue

2011-09-05 Thread Asia
> Asia writes: > > Now the issue is that when using libpq it was enough to have only root > > certificate in server's root.crt and it worked fine. > > But when I tried using the same with JDBC it turned out that I need to put > > whole chain (2 certs) of Intermediate CA 1 in server's root.crt. >

Re: [GENERAL] SSL certificates issue

2011-08-23 Thread Giuseppe Sacco
On Mon, 22/08/2011 at 09.37 -0400, Tom Lane wrote: > Asia writes: > > Now the issue is that when using libpq it was enough to have only root > > certificate in server's root.crt and it worked fine. > > But when I tried using the same with JDBC it turned out that I need to put > > w

Re: [GENERAL] SSL certificates issue

2011-08-22 Thread Asia
Thank you for your reply. I agree that this configuration could be better and this is why I sent my post. There is still one concern remaining. As I said I have working configuration with libpq and jdbc. For jdbc I created keystore, that is properly used with connection ssl=on parameter and cli

Re: [GENERAL] SSL certificates issue

2011-08-22 Thread Tom Lane
Asia writes: > Now the issue is that when using libpq it was enough to have only root > certificate in server's root.crt and it worked fine. > But when I tried using the same with JDBC it turned out that I need to put > whole chain (2 certs) of Intermediate CA 1 in server's root.crt. This is po

[GENERAL] SSL certificates issue

2011-08-22 Thread Asia
Recently I have been working on implementation of mutual SSL authentication between our application and PostgreSQL database. I managed to make it work with "ssl=true" connection option and "clientcert=1" flags in pg_hba.conf. Moreover I managed to make it work with C++ application using libpq and