public inbox for [email protected]
help / color / mirror / Atom feedFrom: Duygu Hasan <[email protected]>
To: [email protected]
Subject: Pg client certificate auth
Date: Tue, 29 Apr 2025 13:43:49 +0300
Message-ID: <CAD=oMR34FvA1rKon+rYvBiYhzqvbQb+Jj1ZkmSeugrTTqOLJcg@mail.gmail.com> (raw)
Hello,
I am trying to deploy a PG db with client certificate auth. I have read the
documentation, but I have a few questions. One of my goals is to be able to
use two different CAs and as far as I see there is only one ssl_ca_file, I
have tried to concatenate my certs as cert chain and use them, it seems to
be working.
Since it's not fully documented, do you think this approach won't cause any
problems in the future? Generally, I need this because when I have
multiple pg servers (primary and standby) I need to use SSL. So PG
requires the standby represents a valid client cert, but the client cert ca
I need to use for the standby can be different from the client cert ca that
will be issuing the other certs that I will be giving to the standard
users.
Thanks,
Duygu
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected]
Subject: Re: Pg client certificate auth
In-Reply-To: <CAD=oMR34FvA1rKon+rYvBiYhzqvbQb+Jj1ZkmSeugrTTqOLJcg@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox