Обсуждение: [ADMIN] pg_hba.conf and hostssl all all 999.999.999.0/24 cert and use ofletsencrypt.org software
[ADMIN] pg_hba.conf and hostssl all all 999.999.999.0/24 cert and use ofletsencrypt.org software
От
Poul Kristensen
Дата:
Hi!
Does anyone know if letsencrypt can be used to authenticate host(client) to host (PostgreSQL)?
The goal is to let the client authenticate againts the certificate registered
in an openLDAP and use letsencrypt.org software.
The PostgreSQL host is going to run the openLDAP too.
Have anyone tried this?
TIA
Poul
Re: [ADMIN] pg_hba.conf and hostssl all all 999.999.999.0/24 cert anduse of letsencrypt.org software
От
"Gunnar \"Nick\" Bluth"
Дата:
Am 01/25/2017 um 02:45 PM schrieb Poul Kristensen: > > Hi! Hi Poul, > Does anyone know if letsencrypt can be used to authenticate host(client) > to host (PostgreSQL)? > The goal is to let the client authenticate againts the certificate > registered > in an openLDAP and use letsencrypt.org <http://letsencrypt.org> software. > The PostgreSQL host is going to run the openLDAP too. > > Have anyone tried this? I'm wondering if you really thought this through... why would you want to rely on a (rather trustworthy, but alas!) CA to manage your certificates when you can use your own (google "easyrsa") CA without any significant hassle? But maybe I'm missing something ;-) Cheers, -- Gunnar "Nick" Bluth DBA ELSTER Tel: +49 911/991-4665 Mobil: +49 172/8853339
Re: [ADMIN] pg_hba.conf and hostssl all all 999.999.999.0/24 cert anduse of letsencrypt.org software
От
Magnus Hagander
Дата:
On Jan 25, 2017 14:47, "Poul Kristensen" <bcc5226@gmail.com> wrote:
Hi!Does anyone know if letsencrypt can be used to authenticate host(client) to host (PostgreSQL)?The goal is to let the client authenticate againts the certificate registeredin an openLDAP and use letsencrypt.org software.The PostgreSQL host is going to run the openLDAP too.Have anyone tried this?
Letsencrypt does not issue client certificates, so it won't work.
/Magnus