certs in connection string

On Sat, 2021-02-13 at 09:57 -0700, Rob Sargent wrote:

I’m confused, as usual, about using a cert in a connection string. I wish to connect form a
“middle ware” piece to PG on be half of various clients. Does each client need a corresponding
cert/key or is the certification intended to say the sending machine is who it says it is
(thereby needing only one cert)

They can share one certificate.

https://www.postgresql.org/docs/current/auth-cert.html:

When using this authentication method, the server will require that the client provide a valid,
trusted certificate. No password prompt will be sent to the client. The cn (Common Name)
attribute of the certificate will be compared to the requested database user name, and if they
match the login will be allowed.

Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com

On 2/15/21 8:23 AM, Laurenz Albe wrote:

On Sat, 2021-02-13 at 09:57 -0700, Rob Sargent wrote:

I’m confused, as usual, about using a cert in a connection string. I wish to connect form a
“middle ware” piece to PG on be half of various clients. Does each client need a corresponding
cert/key or is the certification intended to say the sending machine is who it says it is
(thereby needing only one cert)

They can share one certificate.

https://www.postgresql.org/docs/current/auth-cert.html:

When using this authentication method, the server will require that the client provide a valid,
trusted certificate. No password prompt will be sent to the client. The cn (Common Name)
attribute of the certificate will be compared to the requested database user name, and if they
match the login will be allowed.

Yours,
Laurenz Albe

Thank you.

Since I wish to make the jdbc connection using the role's login (for
search_path, I take it I will make role-specific certs, setting the CN
accordingly. (I do know which role I need for each connection request
and can set the dbname as well).