On 03/07/2013 12:42 PM, Ray Stell wrote:
> What Tom said works for me. Here is a page that gives an example and I think
> it demonstrates that the root CA does not allow everybody in the gate, the
> chain has to be in place:
>
> http://stackoverflow.com/questions/1456034/trouble-understanding-
On Mar 7, 2013, at 9:37 AM, Ian Pilcher wrote:
> On 03/07/2013 08:28 AM, Tom Lane wrote:
>> Maybe I'm missing something, but I don't see why you'd expect a
>> different result. That leaves you with no way to validate the server's
>> own certificate.
>
> I don't follow. Why would the server nee
On 03/07/2013 08:28 AM, Tom Lane wrote:
> Maybe I'm missing something, but I don't see why you'd expect a
> different result. That leaves you with no way to validate the server's
> own certificate.
I don't follow. Why would the server need to validate it's own
certificate?
--
=
Ian Pilcher writes:
> I am trying to configure PostgreSQL 8.4 to trust an intermediate CA for
> client certificate validation -- without trusting everything signed by
> the root CA (or a different intermediate CA). Given the following CA
> hierarchy, for example, I would like to trust *only* clie
I am trying to configure PostgreSQL 8.4 to trust an intermediate CA for
client certificate validation -- without trusting everything signed by
the root CA (or a different intermediate CA). Given the following CA
hierarchy, for example, I would like to trust *only* client certificates
signed by the
