Hi all,
After upgrading to 13.11, Publisher no longer accepts cert of subscriber.
Certs have been issued by internal CA.
Subscriber:
,DEBUG,00000,"starting logical replication worker for subscription ""meteo""",,,,,,,,,"","logical replication launcher"
EBUG,00000,"registering background worker ""logical replication worker for subscription
16486""",,,,,,,,,"","postmaster"
EBUG,00000,"starting background worker process ""logical replication worker for subscription
16486""",,,,,,,,,"","postmaster"
0,LOG,00000,"logical replication apply worker for subscription ""meteo"" has started",,,,,,,,,"","logical replication
worker"
EBUG,00000,"connecting to publisher using connection string ""host=<some FQDN> port=5432 user=replicator
dbname=operations""",,,,,,,,,"","logicalreplication worker"
RROR,XX000,"could not connect to the publisher: SSL error: sslv3 alert certificate expired",,,,,,,,,"","logical
replicationworker"
EBUG,00000,"unregistering background worker ""logical replication worker for subscription
16486""",,,,,,,,,"","postmaster"
OG,00000,"background worker ""logical replication worker"" (PID 92845) exited with exit code 1",,,,,,,,,"","postmaster"
Servercert:
Not Before: Aug 18 09:12:35 2022 GMT
Not After : Aug 29 09:12:35 2023 GMT
Publisher:
"connection received: host=<some IP6> port=32501",,,,,,,,,"","not initialized"
"could not accept SSL connection: certificate verify failed",,,,,,,,,"","not initialized"
Servercert:
Version: 3 (0x2)
Serial Number:
37:19:dc:15:5c:e7:4e:b8:46:b0:a7:49:73:6a:9b:fa:c3:27:a0:6b
Signature Algorithm: sha384WithRSAEncryption
Issuer: <…> internal CA
Validity
Not Before: Aug 18 09:12:35 2022 GMT
Not After : Aug 29 09:12:35 2023 GMT
Subject: CN = <some FQDN>
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
What has changed with SSL in 13.11 ?
How can I find out what really goes wrong here ?
How to fix it.
Any help appreciated,
Axel
---
PGP-Key: CDE74120 ☀ mobile: +49 160 7568212
computing @ chaos claudius