Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1srbnF-003BWb-8V for pgsql-admin@arkaria.postgresql.org; Fri, 20 Sep 2024 11:27:21 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1srbnC-003tyY-UE for pgsql-admin@arkaria.postgresql.org; Fri, 20 Sep 2024 11:27:20 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1srbnC-003tyL-IT for pgsql-admin@lists.postgresql.org; Fri, 20 Sep 2024 11:27:19 +0000 Received: from mail-qv1-xf31.google.com ([2607:f8b0:4864:20::f31]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1srbnB-000AAC-9f for pgsql-admin@lists.postgresql.org; Fri, 20 Sep 2024 11:27:18 +0000 Received: by mail-qv1-xf31.google.com with SMTP id 6a1803df08f44-6c56eec7fccso12167426d6.3 for ; Fri, 20 Sep 2024 04:27:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726831636; x=1727436436; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=UxUP+dtYdvmgYCAHABEABWl1xsYtJsGwIZS79VRtEOM=; b=fzuBsCGBYO9SvoPftO1LE09uqMd13Ds0yJCFZ75ujsaNxI4TyXDLyMuZSZaCiQthfH Uj11hu5xN4+abDye6L+0SPEfmhv+BH4VBqumi4qvtV6WvUIACigXoWon5tf6DG2wyDE6 a7ICQwR+5SiyvryAJ7Sg8WONFV67vf5GSpANpJHTsTKj2MbnhAOgC3s949XlMElZVyfj RoluiZKatoIuZ0avI1uuEYz2GlLV6Ibpn52xeWqMQCeSZMH2YF+eSRc6Te5TlXd6JvLc s3zMrmjDvm3XsbV+XdAKeESzXndNWWJMGLP/w8pvd3CYsdaaQLKyKCEAO+48+TKR7ir+ /zJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726831636; x=1727436436; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=UxUP+dtYdvmgYCAHABEABWl1xsYtJsGwIZS79VRtEOM=; b=nULEo8Hux23ImcMYevOfROi78akkmnAcqvv13s9vxLxqDTYYmmAh6aNrgs0B7ucbE+ M8O6mMgMgfDo7A9U3OniUApk4utUrunQWLYxg68HJqkQq5nhvWaQBFX2R2+JGVlqnhxS pewIRcvbOHOt3r/fYgYxnKlyQEam/sgVZLSmeuOQhnvTys0TCQjQZOsQ5cKtM3pIG6RH hmEcbvA8SCUQ7Qu18cBgXEMGxhuDNhww0eFQQ1949SU3o0vyL3YW2YSX/NuqRIQ+bXve xbQ9rHPViicJHAs69cb+F8/oDR2POP8y/43Z2KpSdON+jxnrbjNJD/m+6rcTsQjf3gpd ykEA== X-Gm-Message-State: AOJu0YyQi6lLJQCyO4eJC1Tp9UEqE2UX09pj4JeFge46yy5GbSVexSRK pNPh4KTAXUSsLGgzRzo2woJKe/BocCqIwFZW82Fh1Rls67DwBiaEcJdaa8YmxQyZAda2blnXZUP FD0KjUcdJ4/qXLpoVrKwq1zbgwqQ= X-Google-Smtp-Source: AGHT+IFWcXamMAOWBTGMpfeRAzlvuUCaYas4x5BRUS2rT449x1jhvvmROqt78286AR2Y09IRy1zvhxNitP4XrdqZRN4= X-Received: by 2002:a05:6214:2b97:b0:6c4:6217:da9c with SMTP id 6a1803df08f44-6c7bc6a9e4bmr33316926d6.17.1726831636302; Fri, 20 Sep 2024 04:27:16 -0700 (PDT) MIME-Version: 1.0 References: <46B9DE0A-9BD6-44B5-ABA2-2B459DD6857E@elevated-dev.com> In-Reply-To: <46B9DE0A-9BD6-44B5-ABA2-2B459DD6857E@elevated-dev.com> From: AjithKumar Kannan Date: Fri, 20 Sep 2024 16:57:05 +0530 Message-ID: Subject: Re: Postgres - SSL connection using only root CA To: Scott Ribe Cc: pgsql-admin@lists.postgresql.org Content-Type: multipart/alternative; boundary="00000000000044d34506228b5290" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --00000000000044d34506228b5290 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Scott, Thanks for your response. So can we connect using rootca and key? Regards, Ajith On Wed, 18 Sept, 2024, 8:48=E2=80=AFpm Scott Ribe, wrote: > SSL without a key is not a thing. > > -- > Scott Ribe > scott_ribe@elevated-dev.com > https://www.linkedin.com/in/scottribe/ > > > > > On Sep 18, 2024, at 9:13=E2=80=AFAM, AjithKumar Kannan > wrote: > > > > I have tried the SSL mode as verify-ca in hba config and was trying to > connect the DB using only ca, but that did not succeed. In Postgres, do w= e > have any option to use only rootca for SSL connections? > > > > --00000000000044d34506228b5290 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Scott,

Thanks for your response. So can we connect usi= ng rootca and key?

Regards,
Ajith

On Wed, 18 Sept, 2024, 8:48=E2= =80=AFpm Scott Ribe, <sco= tt_ribe@elevated-dev.com> wrote:
SSL without a key is not a thing.

--
Scott Ribe
scott_ribe@elevated-dev.com
https://www.linkedin.com/in/scottribe/



> On Sep 18, 2024, at 9:13=E2=80=AFAM, AjithKumar Kannan <ajithz230= 7@gmail.com> wrote:
>
> I have tried the SSL mode as verify-ca in hba config and was trying to= connect the DB using only ca, but that did not succeed. In Postgres, do we= have any option to use only rootca for SSL connections?
>

--00000000000044d34506228b5290--