On 26/05/10 07:37, Tom Lane wrote:
Craig Ringer<cr...@postnewspapers.com.au> writes:
I do *not* have the CA cert concatenated onto server.crt. I'll have to
see if that works, because that's how it's usually done with OpenSSL.
Hmm. That case doesn't work for me; what does work is including the
intermediate cert in the server's root.crt.
Sorry, that was my poor choice of words.
s/the CA cert/the full certificate chain/g
It is the intermediate certs that the client may not have that are the
important ones. 'the CA' I was referring to was the _intermediate_ CA,
eg the company sub-CA; I just needed to be (a lot) clearer about it.
--
Craig Ringer
--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs
