Re: certs in connection string

On 2/15/21 8:23 AM, Laurenz Albe wrote:
> On Sat, 2021-02-13 at 09:57 -0700, Rob Sargent wrote:
>> I’m confused, as usual, about using a cert in a connection string.  I wish to connect form a
>>   “middle ware” piece to PG on be half of various clients.  Does each client need a corresponding
>>   cert/key or is the certification intended to say the sending machine is who it says it is
>>   (thereby needing only one cert)
> 
> They can share one certificate.
> 
> https://www.postgresql.org/docs/current/auth-cert.html:
> 
>    When using this authentication method, the server will require that the client provide a valid,
>    trusted certificate. No password prompt will be sent to the client. The cn (Common Name)
>    attribute of the certificate will be compared to the requested database user name, and if they
>    match the login will be allowed.
> 
> Yours,
> Laurenz Albe
> 
Thank you.

Since I wish to make the jdbc connection using the role's login (for 
search_path, I take it I will make role-specific certs, setting the CN 
accordingly. (I do know which role I need for each connection request 
and can set the dbname as well).