Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1srcUY-003His-GV for pgsql-admin@arkaria.postgresql.org; Fri, 20 Sep 2024 12:12:07 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1srcUW-004r9q-5k for pgsql-admin@arkaria.postgresql.org; Fri, 20 Sep 2024 12:12:05 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1srcUV-004r9h-MH for pgsql-admin@lists.postgresql.org; Fri, 20 Sep 2024 12:12:05 +0000 Received: from mail-ej1-x62b.google.com ([2a00:1450:4864:20::62b]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1srcUS-000BHE-TN for pgsql-admin@lists.postgresql.org; Fri, 20 Sep 2024 12:12:04 +0000 Received: by mail-ej1-x62b.google.com with SMTP id a640c23a62f3a-a8d4979b843so212202766b.3 for ; Fri, 20 Sep 2024 05:12:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cybertec-at.20230601.gappssmtp.com; s=20230601; t=1726834321; x=1727439121; darn=lists.postgresql.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject :date:message-id:reply-to; bh=KJVw/dzzKsCJeCBsUGssnDWdAXqeTXhUqlKeZ50MMHE=; b=K3yyJEb+a0j7P7mzvDqYpaMUEuRIPNk+CHkPvvo9bNHoZ02Elg9XJ+30FD2KXdq4OG Uwq1NVuvJJzfMMn3RVwujLL9MGCTC4/+7bNoW1KvJiJ5rYqnUkV7E6MCsYmFpoXDWB4a suRQQLWH+Xk7zJ29KajuNDSNZtEjfCUKVEJzVEi0JOdsqMdNUIQfv+hHl28bYEJjOHdc 0XBbAZZ6m+0lIeNPZCcCQHgsUBcBbTkN5Rwom8XUzV9OPu79mYT5i8iG1m1XIvntx/67 dleHxnJSVFU5lEYfztCtyFvDZudKEJADbm4Hywn5055xjAlRqbxsvhRzKtLTfypToFBd f0Bg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726834321; x=1727439121; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=KJVw/dzzKsCJeCBsUGssnDWdAXqeTXhUqlKeZ50MMHE=; b=AxIe+hJWE8k99CfYlmtIUlwbIJRuwfiXi0oJHHSQfqQJRNMVjp5jU6xzDhbVyPTo0K iN8KVqnEO5vYRS8Bz91R+Zj2wVAUtQxqot+MVIg75jQhTSNfBe6SJNC2Nevf+7A/OHWo E7S/spB3N6TOie3IKqKlH+xhxeCzmlsuQ6cJE7w16Q51HJ+GtbJXjCu8UtG8xgypzvrx orGUplAwNd7ClOKGH/XDOrXxF4sjwdcNJviDJ1tupdoB3wF6A+EjOUDND0LUBXjNV1Cr +63by4anEUVKM0IkA6Uc8GsW2bbu5S6I0XsYn/f34HqpP8wr40sYq6jrixiAH63fUySX uJwg== X-Gm-Message-State: AOJu0Yz4US/Ekkt0myIroqyhTv3mtVzFXiF/fm11gUKWWu85UZWIkwcc thRdGuIElEW97JGXoU4+Qoe5Z7RJOIiQRHFQx5aAgmMVbgapVIZ/Av+ejPSue1I= X-Google-Smtp-Source: AGHT+IHJOcA4NIiGRl1B+DZFomwlpXdkCnueDuI/6Gd/xTK/qfcusHGEGnLzoPlhHMYc/KO7Frc6Xw== X-Received: by 2002:a17:906:99c2:b0:a8a:93d4:ac21 with SMTP id a640c23a62f3a-a90d5616f2amr187699366b.28.1726834321082; Fri, 20 Sep 2024 05:12:01 -0700 (PDT) Received: from dynamic-pd01.res.v6.highway.a1.net ([2001:871:5e:9d01:b2d:4032:5ab9:9a8d]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a906109628fsm846037166b.6.2024.09.20.05.12.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Sep 2024 05:12:00 -0700 (PDT) Message-ID: <62d4334b051d2876ef8d06b82856549175cd3ec7.camel@cybertec.at> Subject: Re: Postgres - SSL connection using only root CA From: Laurenz Albe To: AjithKumar Kannan , Scott Ribe Cc: pgsql-admin@lists.postgresql.org Date: Fri, 20 Sep 2024 14:11:59 +0200 In-Reply-To: References: <46B9DE0A-9BD6-44B5-ABA2-2B459DD6857E@elevated-dev.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.52.4 (3.52.4-1.fc40) MIME-Version: 1.0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Fri, 2024-09-20 at 16:57 +0530, AjithKumar Kannan wrote: > Thanks for your response. So can we connect using rootca and key? No. You need a certificate and the private key for that certificate. Yours, Laurenz Albe