Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sKekv-00BTyW-KQ for pgsql-general@arkaria.postgresql.org; Fri, 21 Jun 2024 13:56:45 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sKekt-001Lj6-M9 for pgsql-general@arkaria.postgresql.org; Fri, 21 Jun 2024 13:56:44 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sKJWI-009XLE-34 for pgsql-general@lists.postgresql.org; Thu, 20 Jun 2024 15:16:15 +0000 Received: from mail-lj1-x22c.google.com ([2a00:1450:4864:20::22c]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1sKJWG-002GrP-De for pgsql-general@postgresql.org; Thu, 20 Jun 2024 15:16:13 +0000 Received: by mail-lj1-x22c.google.com with SMTP id 38308e7fff4ca-2ec3c0dada3so11902691fa.0 for ; Thu, 20 Jun 2024 08:16:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1718896570; x=1719501370; darn=postgresql.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=A8CTQPwsw4U8oA5bxUTc0VXSb8tL6rA5fRuHyPobUCk=; b=DjZ3Y45wWOZ1XYTIxOu2SpiLBXWd4ubVMTU6Zbx6p3PlM9bZlV+H7J3GPi78pJoXpc L57WXoOpp2rVsErEECUD15+zJWrvX0gHbVF2n9IMOR5VL07kNhaZq4Ye3vE+V/Op2W2d XPvwgU3cIyMvtUoSzKfmhUKYFnQL8nKNh+/eQIcloeAkA/UW9aIRhq7HqQzoDovzy+cl WL1h2boFqB32eN749tVRlrpD34y7JDJlCLr8E6Hd06NS4O4XmHvSawxsE/S9siQqMfwf 6O3spH1QwSpywqYSrT+71gS2zYSOe1RcqU9RA7BrNSfaMc8U8RxZrQ5bKyxBiatIFHPJ d8QQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718896570; x=1719501370; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=A8CTQPwsw4U8oA5bxUTc0VXSb8tL6rA5fRuHyPobUCk=; b=lMA0KT3QiLp8ELovWTs4bgD1MisZOiE/WoTcNnr6vn4hzgQDpmuwWEoJM7p1Rld9MJ N6oT7/3z76yNfwUJsttm9AVdJ2Za2/vwziCai90JJTFxqu0cmvUQGKHp1cqBHC6ongUd KcN1lnts27K4zGQ8DCaQi8QNgz8rktP06ueDdB0TCw9KaI/87Lleq2Kf/V4rPYM1Cm+w UUHq/QAlrmMZ6FybGywr7eAM1TIAH+cRnn1DXS2/nvGru5j/rcFGb2ySHR7fsLfsy762 jIzgUsIApcQnDeUPlh+4r3ZkdQwk0EgJaNH2dmFTJ7RmwEtVvuQEEZ/F3rz2cZSXbC4m 0lyA== X-Gm-Message-State: AOJu0Yy4qQXCyBoQmkgwIIINwersSkCSRa9aYml90cUTTu9r74EsKlzT 7pR3dZhAJRvchJFQQVm5fgNCkg0vO/QbLorDirJ/2ARd4MFoH8o0w6/aj0lZvh4byK6YG1N4/4n v9bp1Nkd4b1ndaSrSWPC7ocSG8V2WOw== X-Google-Smtp-Source: AGHT+IE5l+wx2RPhOUnUI8O9JzL1+Mj/DCXZw3SZUk0k3v7KjIcZWwqyPHtfZgFHNZCTGyh2j9z3gcQiaEiVptftLNU= X-Received: by 2002:a2e:888d:0:b0:2ec:42db:969c with SMTP id 38308e7fff4ca-2ec42db9714mr27246281fa.36.1718896570263; Thu, 20 Jun 2024 08:16:10 -0700 (PDT) MIME-Version: 1.0 From: Drew Zoellner Date: Thu, 20 Jun 2024 10:15:58 -0500 Message-ID: Subject: Replication using mTLS issue To: pgsql-general@postgresql.org, postgres@thewickedtribe.net Content-Type: multipart/alternative; boundary="00000000000079efdb061b53cb47" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --00000000000079efdb061b53cb47 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Postgres team, I=E2=80=99m receiving an issue matching pg_hba rules that= I can=E2=80=99t seem to sort out. I am trying to use mtls certificate authentication for physical replication connections but keep receiving the following error=E2= =80=A6 pg_receivewal: error: FATAL: no pg_hba.conf entry for replication connection from host "100.84.12.223", user "pgrepmgr_nonprod", SSL on My pg_hba.conf file contains hostssl replication pgrepmgr_nonprod 100.0.0.0/8 cert map=3Dpgrepmgr_nonpr= od_map I=E2=80=99ve made sure the rule comes first in my pg_hba.conf file or last. I=E2=80=99ve read the pg_hba documentation fully and tried with all values = for hostssl field, user field and ip field. Still no luck. Is cert authentication supported for replication connections? --00000000000079efdb061b53cb47 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Postgres team, I=E2=80=99m receiving an = issue matching pg_hba rules that I can=E2=80=99t seem to sort out. I am try= ing to use mtls certificate authentication for physical replication connect= ions but keep receiving the following error=E2=80=A6

pg_re= ceivewal: error: FATAL:=C2=A0 no pg_hba.conf entry for replication connecti= on from host "100.84.12.223", user "pgrepmgr_nonprod", = SSL on

<= /span>

<= /div>
My pg_hba.conf file contains

	hostssl replication pgrepmgr_nonprod 100.0.0.0/8 cert map=3Dpgrepmgr_nonprod_map

= 
I=E2=80=99ve made sure the rule comes first in my pg_hba.conf file or last. I=E2=
=80=99ve read the pg_hba documentation fully and tried with all values for =
hostssl field, user f=
ield and ip field. Still no luck.
Is cert authentication supp=
orted for replication connections?
--00000000000079efdb061b53cb47--