public inbox for [email protected]
help / color / mirror / Atom feedFrom: Tom Lane <[email protected]>
To: Valere Binet <[email protected]>
Cc: [email protected]
Subject: Re: FATAL: connection requires a valid client certificate
Date: Fri, 20 Jun 2025 12:02:46 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAJn2Pj=dTF=LpYiO9SyyKQoyrDEMO=UeQxb+br4qmuAYpVUU5A@mail.gmail.com>
References: <CAJn2Pj=dTF=LpYiO9SyyKQoyrDEMO=UeQxb+br4qmuAYpVUU5A@mail.gmail.com>
Valere Binet <[email protected]> writes:
> I'm completely new to postgresql and I'm struggling with its SSL
> configuration.
It sounds like you have the right certs in the right files.
I wonder though whether the client is actually picking up the
client-side cert/key.
In particular, a quick look at the libpq source code indicates
that it doesn't have any mechanism for expanding "~" in the sslcert
etc. parameters: you need to write out the full path verbatim.
(But it also looks like you should have gotten an error about
not finding the sslrootcert file, so I'm not quite sure if this
theory is correct.)
Another thing to look into is whether the order of the certs
in the multi-cert files matters.
regards, tom lane
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: FATAL: connection requires a valid client certificate
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox