Re: SSL Certificates in Windows 7 & Postgres 9.3
От | Adrian Klaver |
---|---|
Тема | Re: SSL Certificates in Windows 7 & Postgres 9.3 |
Дата | |
Msg-id | 548F4B22.1060700@aklaver.com обсуждение исходный текст |
Ответ на | SSL Certificates in Windows 7 & Postgres 9.3 (harpagornis <shenlong@runbox.com>) |
Список | pgsql-general |
On 12/15/2014 11:41 AM, harpagornis wrote: > I am trying to connect using SSL in Windows 7 and Postgres v9.3. The console > output error message is "Failed to establish a connection to 127.0.0.1" The > error message from the pg_log is: > ----------------------------------------------------------- > 2014-12-15 19:20:24 GMT FATAL: connection requires a valid client > certificate > 2014-12-15 19:20:25 GMT FATAL: connection requires a valid client > certificate > 2014-12-15 19:20:26 GMT FATAL: no pg_hba.conf entry for host "127.0.0.1", > user "SYSTEM", database "postgres", SSL off > 2014-12-15 19:20:55 GMT LOG: could not accept SSL connection: No connection > could be made because the target machine actively refused it. > ----------------------------------------------------------- > This is the connection string from the console app. > > string conStr = > "Server=127.0.0.01; " + > "User Id=my_role; " + > "Password=''; " + > "Database=dbname; " + > "SSL=True; " + > "Sslmode=Require; "; > > ----------------------------------------------------------- > This is the pg_hba.conf > hostssl all all 127.0.0.1/32 cert clientcert=1 > hostssl all all ::1/128 cert clientcert=1 > ----------------------------------------------------------- > This is the postgresql.conf > > listen_addresses = '*' > port = 5432 > max_connections = 100 > ssl = on > ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH' > ssl_renegotiation_limit = 512MB > ssl_cert_file = 'server.crt' > ssl_key_file = 'server.key' > ssl_ca_file = 'root.crt' > password_encryption = off > shared_buffers = 128MB > ----------------------------------------------------------- > I followed all documentation for creating the certificates, ie. > ----------------------------------------------------------- > Server Side > openssl genrsa -des3 -out server.key 2048 > openssl rsa -in server.key -out server.key > openssl req -new –key server.key -days 3650 -out server.crt –config > "D:\openssl\v9.8\openssl.cnf” > ----------------------------------------------------------- > Client Side > openssl genrsa -des3 -out postgresql.key 2048 > openssl rsa -in postgresql.key -out postgres.key > openssl req -new -key postgresql.key -out postgresql.csr –config > "D:\openssl\v9.8\openssl.cnf” > copy server.crt root.crt > openssl x509 -req -in postgresql.csr -CA root.crt -CAkey server.key -out > postgresql.crt -CAcreateserial > ---------------------------------------------------------- > Windows Pkcs12 file: > openssl pkcs12 -export -out postgrcli.p12 -name "My Certificate" -in > postgresql.crt > -inkey postgresql.key > ----------------------------------------------------------- > The Visual Studio solution includes as a project / reference, the source > code of Npgsql v2.2.0. > However, the program never reaches any of the breakpoints I put throughout > the Npgsql code . > ----------------------------------------------------------- > I really need some help, please. Any suggestions? I have scoured the > documentation and the internet. Maybe I can try a psql command. What would > that command be with the certificate included? Thank you in advance. Did you set the CN of the client certificate to the user that you are connecting as. For a good run through/explanation see: http://www.howtoforge.com/postgresql-ssl-certificates > > > > -- > View this message in context: http://postgresql.nabble.com/SSL-Certificates-in-Windows-7-Postgres-9-3-tp5830749.html > Sent from the PostgreSQL - general mailing list archive at Nabble.com. > > -- Adrian Klaver adrian.klaver@aklaver.com
В списке pgsql-general по дате отправления: