Re: configuring openssl for postgres 9.2 for the first time
| От | Ray Stell |
|---|---|
| Тема | Re: configuring openssl for postgres 9.2 for the first time |
| Дата | |
| Msg-id | 0ECC8D78-AB31-4E05-A7A1-C9CC24E99F42@vt.edu обсуждение исходный текст |
| Ответ на | configuring openssl for postgres 9.2 for the first time (Mark Steben <mark.steben@drivedominion.com>) |
| Ответы |
Re: configuring openssl for postgres 9.2 for the first time
|
| Список | pgsql-admin |
On Jan 30, 2014, at 2:00 PM, Mark Steben <mark.steben@drivedominion.com> wrote:
when attempting to access from a client to a remote postgres server after SSL configuration:Hello,We are looking to provide openssl methodology into our testing environment. I've run into this issue
from client 10.10.4.34:
psql -U postgres marktst -h 10.10.4.52
psql: FATAL: no pg_hba.conf entry for host "10.10.4.34", user "postgres", database "marktst", SSL off
You might back off from ssl, client authentication just to see what happens with:
hostssl all all 0.0.0.0/0 md5 clientcert=1
this will provide the client auth of the server and require a password auth for the client. Hopefully that works first. I've seen your msg and had some effect with the following env variable, but it's probably a long shot:
"PGSSLMODE behaves the same as the sslmode"
PGSSLMODE=verify-full will cause the client to verify that the CN on the server certificate matches the hostname of the server. disable will only try a non-SSL connection which will not be compatible with the pg_hba config.
It is a bit of a fishing expedition.
Вложения
В списке pgsql-admin по дате отправления: