Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-admin-owner+archive@lists.postgresql.org>)
	id 1sqwNF-00EDcb-Hd
	for pgsql-admin@arkaria.postgresql.org; Wed, 18 Sep 2024 15:13:45 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-admin-owner+archive@lists.postgresql.org>)
	id 1sqwND-00BfyU-Ua
	for pgsql-admin@arkaria.postgresql.org; Wed, 18 Sep 2024 15:13:43 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <ajithz2307@gmail.com>)
	id 1sqwND-00Bfy5-JC
	for pgsql-admin@lists.postgresql.org; Wed, 18 Sep 2024 15:13:43 +0000
Received: from mail-qk1-x72b.google.com ([2607:f8b0:4864:20::72b])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <ajithz2307@gmail.com>)
	id 1sqwN6-001pLf-Mh
	for pgsql-admin@lists.postgresql.org; Wed, 18 Sep 2024 15:13:41 +0000
Received: by mail-qk1-x72b.google.com with SMTP id
 af79cd13be357-7a9aec89347so424105385a.0
        for <pgsql-admin@lists.postgresql.org>;
 Wed, 18 Sep 2024 08:13:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1726672415; x=1727277215;
 darn=lists.postgresql.org;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=RoJGiEDvK/DLK14TPhyzHwN/tBJ9w3dOBEvyjWTxka4=;
        b=AXT4RzodTERH1G/o3/WOnVlAHEkbMJLXtRfo6HXmjAxGZYgeKmScJBRD1Wvw0yma1U
         XYKVdj8apxD3Zz07jaWy6JlmK3Qnx9t42eS7wdOJzeYP7giujcTwDPYWrLYbKCXDBdTe
         t6/GVVxMaVwEIa6At0XVXikoj7ukjG5gzhhelVrJ818H1qb/A80ApLecesGTABniRgwI
         F5Qi2RVuEkDumybZGmy6HCuqN1UcDPbUsS5KPiv2A4Z5IE4S6NErzaujMtJl1LG9PNGf
         UJSLF2IQYAKynQ6kSh2wGCXVHJ0ut8h7e9q1gHyzfqrdBS5pXYn+C/QGNRtprRajGGed
         d8oQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1726672415; x=1727277215;
        h=to:subject:message-id:date:from:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=RoJGiEDvK/DLK14TPhyzHwN/tBJ9w3dOBEvyjWTxka4=;
        b=Gh1+DIf0VrrhHWmfe1rNrdpyTtWpPA5cVkVp0T/TGqnEG9saos7vxF2PFXaau2mhCQ
         mtykyDv14WcLl0CzKBGfZNzXXpbvtU0ZKUuXr9+m59ucmOuCZmn97FoT3atX4qiblQFe
         Q/yxiU3qKMkQpkAaCOO2aPDe7+tmQ/9Z6PHeX9bcgf07i+iVsdtEzQ/Y0pOtYvl6Idi8
         Rja/RBsf10jzY1owAJwa1/hjZoRyncCfN22TgqJvaO7e77nwJl7OfG1UCA5Nj/+n5ijc
         Ye5VW4ykIQIKVbCx6EwzbjBJGqS8vgFsap5C4VfSHLcyIOjlwa2ZhXGUbrQ6milVqqJn
         5jcA==
X-Gm-Message-State: AOJu0YxpvBWzCYtar1E8jYd/YGWxxDugbsAiqQ0OJdLVfNJtVllVU4YZ
	DdmG9XJACJBLbCwjKbeq+QtfMwpKp3yPdSkrTgmxQbcytQuUCnkLPksXequqTBcvoP9LvRm+2MS
	W3/39OoMxrHhkqDiaJoQ2Cn8WvpKqYA==
X-Google-Smtp-Source: 
 AGHT+IGvbfbcG9OY6cOyPvmPAPit2LN6Q1pv9Pr6nSBVK7kfY8SENoYH9Ptr5dYMbZczXyw8+2xexQ3seVzUxLqoNJk=
X-Received: by 2002:a05:6214:4588:b0:6c5:8341:b00c with SMTP id
 6a1803df08f44-6c58341b11emr307824066d6.42.1726672415504; Wed, 18 Sep 2024
 08:13:35 -0700 (PDT)
MIME-Version: 1.0
From: AjithKumar Kannan <ajithz2307@gmail.com>
Date: Wed, 18 Sep 2024 20:43:24 +0530
Message-ID: 
 <CAK3_n79UmR3xETB9od9Rhpt2cd4e=1tmp9rwooTaVNO5Aw4SHg@mail.gmail.com>
Subject: Postgres - SSL connection using only root CA
To: pgsql-admin@lists.postgresql.org
Content-Type: multipart/alternative; boundary="000000000000f83fe20622663f96"
List-Id: <pgsql-admin.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-admin@lists.postgresql.org>
List-Owner: <mailto:pgsql-admin-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-admin>
Archived-At: 
 <https://www.postgresql.org/message-id/CAK3_n79UmR3xETB9od9Rhpt2cd4e%3D1tmp9rwooTaVNO5Aw4SHg%40mail.gmail.com>
Precedence: bulk

--000000000000f83fe20622663f96
Content-Type: text/plain; charset="UTF-8"

Hi Team,

Im looking for an option to connect the Postgres DB with only the root CA
file instead of all three cert files (rootca, server, and key).

I have tried the SSL mode as verify-ca in hba config and was trying to
connect the DB using only ca, but that did not succeed. In Postgres, do we
have any option to use only rootca for SSL connections?

Regards,
Ajith

--000000000000f83fe20622663f96
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto">Hi Team,<div dir=3D"auto"><br></div><div dir=3D"auto"><di=
v dir=3D"auto">Im looking for an option to connect the Postgres DB with onl=
y the root CA file instead of all three cert files (rootca, server, and key=
).</div><div dir=3D"auto"><br></div><div dir=3D"auto">I have tried the SSL =
mode as verify-ca in hba config and was trying to connect the DB using only=
 ca, but that did not succeed. In Postgres, do we have any option to use on=
ly rootca for SSL connections?=C2=A0</div></div><div dir=3D"auto"></div><di=
v dir=3D"auto"><br></div><div dir=3D"auto">Regards,</div><div dir=3D"auto">=
Ajith</div><div dir=3D"auto"><br></div><div dir=3D"auto"><br></div><div dir=
=3D"auto"><br></div><div dir=3D"auto"><br></div></div>

--000000000000f83fe20622663f96--