Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1uNyeE-00D6P5-P7
	for pgsql-general@arkaria.postgresql.org; Sat, 07 Jun 2025 18:52:06 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1uNyeC-00EgiP-Q5
	for pgsql-general@arkaria.postgresql.org; Sat, 07 Jun 2025 18:52:05 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <kobruleht2@hot.ee>)
	id 1uNnDW-008OST-UK
	for pgsql-general@lists.postgresql.org; Sat, 07 Jun 2025 06:39:47 +0000
Received: from smtpout05.dka.mailcore.net ([185.138.56.205])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <kobruleht2@hot.ee>)
	id 1uNnDV-000fkW-2C
	for pgsql-general@postgresql.org;
	Sat, 07 Jun 2025 06:39:47 +0000
Received: from SMTP.DKA.mailcore.net (unknown [10.1.0.52])
	by SMTPOUT01.DKA.mailcore.net (Postfix) with ESMTP id 76767E004B
	for <pgsql-general@postgresql.org>; Sat,  7 Jun 2025 08:39:44 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=online.ee;
	s=mailcore; t=1749278384;
	bh=JevmHYe0HNoY8B7zRaVpWqOlGX6ohpkpIRPuQdd2irE=;
	h=Date:To:From:Subject:From;
	b=tv+bSZ2tMCrgb80tlPcS36B1upGBocL37zoRNXqi7LOEu/4FWweGev2qv2Lc/CI38
	 8YymMjQ4bnlOhjhpVv+MzExEyYeu4OukaEhOwouk5r8ISHv6uTIO0xD4LpXpAtFn8B
	 Yx5GNpGGgpi8Oj9tHiq0ddQFUsayOuZIfaLb9PzU5P5YxBXTJDE2P1RvAszrbjPW7q
	 C5ePpvk4v0oQgPN+9at1+CUolF87UlUtT3U+Y9f+yXt53qTmvwpT0AXNrvpX6dWoJq
	 7Y5Ym3zjKgEu6xADnI2iaZCe22e9lzoN3AkqfSPRbSNBHUJa/HmTAxlMRWeWu1QFGJ
	 jhjbmPpJSjkBg==
Received: from [192.168.1.38] (73-142-35-213.sta.estpak.ee [213.35.142.73])
	by SMTP.DKA.mailcore.net (Postfix) with ESMTPSA id 65498401AF
	for <pgsql-general@postgresql.org>; Sat,  7 Jun 2025 08:39:44 +0200 (CEST)
Content-Type: multipart/alternative;
 boundary="------------X1mOAzZFTh0wttRyiVBOOF08"
Message-ID: <77196b85-f79e-4c9a-afef-8b5ad6f0ee44@hot.ee>
Date: Sat, 7 Jun 2025 09:40:02 +0300
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: et
To: pgsql-general <pgsql-general@postgresql.org>
From: Andrus <kobruleht2@hot.ee>
Subject: How to use cert authentication with pg_dump in windows
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/77196b85-f79e-4c9a-afef-8b5ad6f0ee44%40hot.ee>
Precedence: bulk

This is a multi-part message in MIME format.
--------------X1mOAzZFTh0wttRyiVBOOF08
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

Hi!

Postgres 17 server certificate is issued by RapidSsl for 
server.mydomain.com

PostgreSQL 17 client certificate is created using this tutorial[1].

pg_hba.conf first line contains:

hostssl all varukoopia ::/0 cert


Trying to use it on Windows Server:

set PGSSLCERT=client.crt
set PGSSLKEY=client.key
set PGSSLROOTCERT=system
"c:\Program Files\PostgreSQL\17\bin\pg_dump" --verbose -b -f 
"test.backup" -F c -h localhost -p 5432 -U varukoopia mydatabase

Throws this error:

 > pg_dump: error: connection to server at "localhost" (::1), port 5432 
failed: SSL error: unregistered scheme

How to use the client certificate with `pg_dump`?

According to https://github.com/EnterpriseDB/edb-installers/issues/264

windows system certificate store is not supported. How to specify root 
certificates or disable certificate verification? Certtificate can used 
only to log on to postgres without password.

   [1]: 
https://docs.devart.com/studio-for-postgresql/connecting-to-db/generating-ssl-certificate.html


Andrus

--------------X1mOAzZFTh0wttRyiVBOOF08
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<!DOCTYPE html>
<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Hi!<br>
    </p>
    <p>Postgres 17 server certificate is issued by RapidSsl for
      server.mydomain.com <br>
    </p>
    <p>PostgreSQL 17 client certificate is created using this
      tutorial[1].<br>
      <br>
      pg_hba.conf first line contains:<br>
      <br>
      hostssl all varukoopia ::/0 cert<br>
      <br>
      <br>
      Trying to use it on Windows Server: <br>
      <br>
      set PGSSLCERT=client.crt<br>
      set PGSSLKEY=client.key<br>
      set PGSSLROOTCERT=system<br>
      "c:\Program Files\PostgreSQL\17\bin\pg_dump" --verbose -b -f
      "test.backup" -F c -h localhost -p 5432 -U varukoopia mydatabase<br>
      <br>
      Throws this error:<br>
      <br>
      &gt; pg_dump: error: connection to server at "localhost" (::1),
      port 5432 failed: SSL error: unregistered scheme<br>
      <br>
      How to use the client certificate with `pg_dump`?<br>
      <br>
      According to
      <a class="moz-txt-link-freetext" href="https://github.com/EnterpriseDB/edb-installers/issues/264">https://github.com/EnterpriseDB/edb-installers/issues/264</a><br>
      <br>
      windows system certificate store is not supported. How to specify
      root certificates or disable certificate verification?
      Certtificate can used only to log on to postgres without password.<br>
      <br>
        [1]:
<a class="moz-txt-link-freetext" href="https://docs.devart.com/studio-for-postgresql/connecting-to-db/generating-ssl-certificate.html">https://docs.devart.com/studio-for-postgresql/connecting-to-db/generating-ssl-certificate.html</a></p>
    <p><br>
    </p>
    <p>Andrus<br>
    </p>
  </body>
</html>

--------------X1mOAzZFTh0wttRyiVBOOF08--