Re: could not accept ssl connection tlsv1 alert iso-8859-1 ca
From | Adrian Klaver |
---|---|
Subject | Re: could not accept ssl connection tlsv1 alert iso-8859-1 ca |
Date | |
Msg-id | d3d3353a-f25a-4571-88a7-171aa228a8b2@aklaver.com |
In reply to | Re: Re: could not accept ssl connection tlsv1 alert iso-8859-1 ca ("Zwettler Markus (OIZ)" <Markus.Zwettler@zuerich.ch>) |
List | pgsql-general |
On 1/31/25 08:57, Zwettler Markus (OIZ) wrote:
> bash-4.4$ cat pg_hba.conf
> # Do not edit this file manually!
> # It will be overwritten by Patroni!
> local all "postgres" peer
> hostssl replication "_crunchyrepl" all cert
> hostssl "postgres" "_crunchyrepl" all cert
> host all "_crunchyrepl" all reject
> host all "ccp_monitoring" "127.0.0.0/8" scram-sha-256
> host all "ccp_monitoring" "::1/128" scram-sha-256
> host all "ccp_monitoring" all reject
> hostssl all all all md5

From here:

https://www.postgresql.org/docs/17/ssl-tcp.html#SSL-CLIENT-CERTIFICATES

"There are two approaches to enforce that users provide a certificate during login.

The first approach makes use of the cert authentication method for hostssl entries in pg_hba.conf, such that the certificate itself is used for authentication while also providing ssl connection security. [...]

The second approach combines any authentication method for hostssl entries with the verification of client certificates by setting the clientcert authentication option to verify-ca or verify-full. ...
"

Is the client having issues trying a connection that matches either of the lines below?:

hostssl replication "_crunchyrepl" all cert
hostssl "postgres" "_crunchyrepl" all cert

>
>
>

--
Adrian Klaver
adrian.klaver@aklaver.com
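To answer the question above for a given client, one can walk the quoted pg_hba.conf top to bottom and see which record is the first to match. The following is an added example, not part of the original thread or of PostgreSQL: the function names are hypothetical, the matcher is simplified (no host names, group or include syntax), and any client address passed to it is a constructed sample.

```python
import ipaddress

# pg_hba.conf records quoted in the message above (comment lines omitted).
PG_HBA = """\
local all "postgres" peer
hostssl replication "_crunchyrepl" all cert
hostssl "postgres" "_crunchyrepl" all cert
host all "_crunchyrepl" all reject
host all "ccp_monitoring" "127.0.0.0/8" scram-sha-256
host all "ccp_monitoring" "::1/128" scram-sha-256
host all "ccp_monitoring" all reject
hostssl all all all md5
"""

def parse(text):
    rules = []
    for line in text.splitlines():
        f = line.split()  # assumption: no field contains spaces (true for the lines above)
        if f[0] == "local":
            f.insert(3, None)  # local records have no address field
        rules.append(dict(zip(("type", "db", "user", "addr", "method"), f), opts=f[5:], raw=line))
    return rules

def name_matches(token, value):
    # Unquoted "all" is a keyword; a quoted token is a literal name.
    return token == "all" or token.strip('"') == value

def db_matches(token, db, replication):
    # The replication keyword matches only physical replication connections; "all" does not cover them.
    return (token == "replication") if replication else (token != "replication" and name_matches(token, db))

def addr_matches(token, ip):
    if token == "all":
        return True
    net, addr = ipaddress.ip_network(token.strip('"'), strict=False), ipaddress.ip_address(ip)
    return addr.version == net.version and addr in net

def first_match(rules, db, user, ip=None, ssl=False, replication=False):
    # The first applicable record decides; the server never falls through to a later one.
    for r in rules:
        tcp = ip is not None  # ip=None models a Unix-socket connection
        if (r["type"] == "local") == tcp or r["type"] == ("hostnossl" if ssl else "hostssl"):
            continue  # socket/TCP mismatch, or record restricted to the other TLS state
        if tcp and not addr_matches(r["addr"], ip):
            continue
        if db_matches(r["db"], db, replication) and name_matches(r["user"], user):
            return r
    return None

def requires_client_cert(rule):
    return rule["method"] == "cert" or any(o in ("clientcert=verify-ca", "clientcert=verify-full") for o in rule["opts"])
```

With these records, only the two `_crunchyrepl` entries demand a client certificate; every other TLS client ends at the final `md5` line, which requests none.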