Re: tlsv1 alert iso-8859-1 ca error on cert authentication
| От | Andrus |
|---|---|
| Тема | Re: tlsv1 alert iso-8859-1 ca error on cert authentication |
| Дата | |
| Msg-id | 1f713b36-4903-446b-ac25-b4460f9fe3d1@hot.ee обсуждение исходный текст |
| Ответ на | Re: tlsv1 alert iso-8859-1 ca error on cert authentication (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-bugs |
Hi!
>Hm. This example works fine for me on RHEL8. Evidently your openssl installation is set up to reject self-signed certificates by default.
Tried with RapidSSL cert for user varukoopia. Error message is the same.
I note that in my installation, /etc/pki/tls/openssl.cnf contains [ req ] ... x509_extensions = v3_ca # The extensions to add to the self signed cert ... [ v3_ca ] # Extensions for a typical CA ... # Key usage: this is typical for a CA certificate. However since it will # prevent it being used as an test self-signed certificate it is best # left out by default. # keyUsage = cRLSign, keyCertSign Perhaps in your configuration file, that option is active?
It is not active.
Tried self signed cert for user varukoopia, but error message is the same.
Tried with
log_min_messages = debug5
but log does not contain more information about error
Certs used and openssl conf were sent to Tom as message attachments.
Andrus
В списке pgsql-bugs по дате отправления: