On Thu, 29 Jan 2009 12:53:20 -0500 Tom Lane <t...@sss.pgh.pa.us> wrote:
> Ivan Sergio Borgonovo <m...@webthatworks.it> writes: > > I succeded to connect to one postgresql server with ssl. > > Now it's the time of the second... but postgresql clients (pgsql) > > just look at ~/.postgresql/postgresql.(key|crt) > > So I can't put in ~/.postgresql/ another [].crt coming from > > another server. > Not an ssl expert, but I think you just concatenate all the keys > you need into the one text file. I did a cat new.(crt|key) >> postgresql.(crt|key) on the client. The old "server" still work. The new one still doesn't. I took notes on how I did the first time and I think they were enough detailed to repeat the process but I've to admit I really didn't understand what I did the first time, so I'm not absolutely sure if I really did it right. Somehow I haven't been able to find an howto that really explain how to do it and grasp enough to be confident to bend it enough to a bit broader context. I just know that eg. auto-signing a certificate for apache is much easier and doesn't involve moving files across client and server. I think a clearer guide from some pg/ssl guru will be certainly very welcome by all the users. The server is not complaining... actually it is the client that is not able to reply with a proper key. -- Ivan Sergio Borgonovo http://www.webthatworks.it -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
