ssl certification

Started by Lu, Chenyangover 5 years ago1 messagesgeneral

lucy.fnst@cn.fujitsu.com

over 5 years ago

Hi~

Forgive me for not being familiar with SSL.

When I try to use SSL certification function.(in postgresql9.5.22)
The service uses the following configuration
Set ssl=on in postgresql.conf
　　　Set ssl_cert_file=server.crt in postgresql.conf
　　　Set ssl_key_file=server.key in postgresql.conf
　　　Set ssl_ca_file=root.crt in postgresql.conf
CASE 1. Add hostssl test all all md5 in pg_hba.conf
CASE 2. Add hostssl test all all cert in pg_hba.conf

In CASE 1 : use psql -U test -d "postgresql://193.xxx.xxx.xxx/test?sslmode=verify-ca"
I can connect normally.
In CASE 2 : use the same connection string
I got "psql: FATAL: connection requires a valid client certificate (10689)"

Question:cert in pg_hba.conf means what? How can I configure the client Certificate it needs.

Thanks~