Re: Trust intermediate CA for client certificates
| От | Bruce Momjian |
|---|---|
| Тема | Re: Trust intermediate CA for client certificates |
| Дата | |
| Msg-id | 20131202210249.GL5274@momjian.us обсуждение исходный текст |
| Ответ на | Re: Trust intermediate CA for client certificates (Andrew Dunstan <andrew@dunslane.net>) |
| Ответы |
Re: Trust intermediate CA for client certificates
|
| Список | pgsql-hackers |
On Mon, Dec 2, 2013 at 03:57:45PM -0500, Andrew Dunstan wrote: > > On 12/02/2013 03:44 PM, Tom Lane wrote: > >Bruce Momjian <bruce@momjian.us> writes: > >>Let me ask a simple question --- can > >>you put only the client cert on the client (postgresql.crt) and only the > >>root cert on the server (root.crt), and will it work? > >Yes, that's surely always worked. > > Not if the client has been signed by an intermediate CA, surely. > Either the server must have the intermediate CA cert in its root.crt > or the client must supply it along with the end cert. Right. Tom is saying that for his openssl version, he had to have the client supply a certificate _matching_ something in the remote root.crt, not just signed by it. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + Everyone has their own god. +
В списке pgsql-hackers по дате отправления: