Обсуждение: [ADMIN] pg_hba.conf and hostssl all all 999.999.999.0/24 cert and use ofletsencrypt.org software

Поиск
Список
Период
Сортировка

[ADMIN] pg_hba.conf and hostssl all all 999.999.999.0/24 cert and use ofletsencrypt.org software

От
Poul Kristensen
Дата:

Hi!

Does anyone know if letsencrypt can be used to authenticate host(client) to host (PostgreSQL)? 
The goal is to let the client authenticate againts the certificate registered
in an openLDAP and use letsencrypt.org software. 
The PostgreSQL host is going to run the openLDAP too.

Have anyone tried this?

TIA

Poul 
  

Re: [ADMIN] pg_hba.conf and hostssl all all 999.999.999.0/24 cert anduse of letsencrypt.org software

От
"Gunnar \"Nick\" Bluth"
Дата:
Am 01/25/2017 um 02:45 PM schrieb Poul Kristensen:
>
> Hi!

Hi Poul,


> Does anyone know if letsencrypt can be used to authenticate host(client)
> to host (PostgreSQL)?
> The goal is to let the client authenticate againts the certificate
> registered
> in an openLDAP and use letsencrypt.org <http://letsencrypt.org> software.
> The PostgreSQL host is going to run the openLDAP too.
>
> Have anyone tried this?

I'm wondering if you really thought this through... why would you want
to rely on a (rather trustworthy, but alas!) CA to manage your
certificates when you can use your own (google "easyrsa") CA without any
significant hassle?

But maybe I'm missing something ;-)

Cheers,
--
Gunnar "Nick" Bluth
DBA ELSTER

Tel:   +49 911/991-4665
Mobil: +49 172/8853339


Re: [ADMIN] pg_hba.conf and hostssl all all 999.999.999.0/24 cert anduse of letsencrypt.org software

От
Magnus Hagander
Дата:


On Jan 25, 2017 14:47, "Poul Kristensen" <bcc5226@gmail.com> wrote:

Hi!

Does anyone know if letsencrypt can be used to authenticate host(client) to host (PostgreSQL)? 
The goal is to let the client authenticate againts the certificate registered
in an openLDAP and use letsencrypt.org software. 
The PostgreSQL host is going to run the openLDAP too.

Have anyone tried this?
  


Letsencrypt does not issue client certificates, so it won't work. 

/Magnus