Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sqwS2-00EE9G-54 for pgsql-admin@arkaria.postgresql.org; Wed, 18 Sep 2024 15:18:42 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sqwS0-00Bns1-Qm for pgsql-admin@arkaria.postgresql.org; Wed, 18 Sep 2024 15:18:40 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sqwRz-00Bnra-ST for pgsql-admin@lists.postgresql.org; Wed, 18 Sep 2024 15:18:40 +0000 Received: from mailout.easymail.ca ([64.68.200.34]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sqwRw-001pPY-Vk for pgsql-admin@lists.postgresql.org; Wed, 18 Sep 2024 15:18:38 +0000 Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id 719A362F91; Wed, 18 Sep 2024 15:18:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elevated-dev.com; s=easymail; t=1726672715; bh=vzI7Sh0IupCMGAaM5nO700j+b5BIUzzFBtf7prY/F08=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=yT4VCJSj7y45UWlZ3AIniiYb0AbfzgNaohZiFJE2NCJDapu/ojyJHtmsBz5vdCPOp 5kl1kFLnG9TkD52GHM7b+uaNpaS6omyhTdw1NzUifTixE82kWkCojK37szIfHcLVH5 jAFUW0NUcrOz8TbuPbevTNGHQUHX7S6/cSCF8bmIaMsAKvbRL70YWoFbFOL6wH6EXS mw0S49dv7cCreNm68m8+qtwtiGr4eXbxL8A2cmSh4H0/7Goo2n97sgMQkCPWz3GAQH D5AUJfQrwTJesDeS/y3upp0qgBw2Cyw9ajqu9/yw7GQIBRosMyF4vBAMMLiKN2YGcu jbiTHApvM1hqQ== X-Virus-Scanned: Debian amavisd-new at emo07-pco.easydns.vpn Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo07-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zfvcpWozaaPK; Wed, 18 Sep 2024 15:18:35 +0000 (UTC) Received: from smtpclient.apple (unknown [165.140.184.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id E121E62919; Wed, 18 Sep 2024 15:18:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elevated-dev.com; s=easymail; t=1726672715; bh=vzI7Sh0IupCMGAaM5nO700j+b5BIUzzFBtf7prY/F08=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=yT4VCJSj7y45UWlZ3AIniiYb0AbfzgNaohZiFJE2NCJDapu/ojyJHtmsBz5vdCPOp 5kl1kFLnG9TkD52GHM7b+uaNpaS6omyhTdw1NzUifTixE82kWkCojK37szIfHcLVH5 jAFUW0NUcrOz8TbuPbevTNGHQUHX7S6/cSCF8bmIaMsAKvbRL70YWoFbFOL6wH6EXS mw0S49dv7cCreNm68m8+qtwtiGr4eXbxL8A2cmSh4H0/7Goo2n97sgMQkCPWz3GAQH D5AUJfQrwTJesDeS/y3upp0qgBw2Cyw9ajqu9/yw7GQIBRosMyF4vBAMMLiKN2YGcu jbiTHApvM1hqQ== Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3776.700.51\)) Subject: Re: Postgres - SSL connection using only root CA From: Scott Ribe In-Reply-To: Date: Wed, 18 Sep 2024 09:18:24 -0600 Cc: pgsql-admin@lists.postgresql.org Content-Transfer-Encoding: quoted-printable Message-Id: <46B9DE0A-9BD6-44B5-ABA2-2B459DD6857E@elevated-dev.com> References: To: AjithKumar Kannan X-Mailer: Apple Mail (2.3776.700.51) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk SSL without a key is not a thing. -- Scott Ribe scott_ribe@elevated-dev.com https://www.linkedin.com/in/scottribe/ > On Sep 18, 2024, at 9:13=E2=80=AFAM, AjithKumar Kannan = wrote: >=20 > I have tried the SSL mode as verify-ca in hba config and was trying to = connect the DB using only ca, but that did not succeed. In Postgres, do = we have any option to use only rootca for SSL connections?=20 >=20