On 03/07/2013 12:42 PM, Ray Stell wrote:
What Tom said works for me. Here is a page that gives an example and I think
it demonstrates that the root CA does not allow everybody in the gate, the
chain has to be in place:
Ian Pilcher arequip...@gmail.com writes:
I am trying to configure PostgreSQL 8.4 to trust an intermediate CA for
client certificate validation -- without trusting everything signed by
the root CA (or a different intermediate CA). Given the following CA
hierarchy, for example, I would like to
On 03/07/2013 08:28 AM, Tom Lane wrote:
Maybe I'm missing something, but I don't see why you'd expect a
different result. That leaves you with no way to validate the server's
own certificate.
I don't follow. Why would the server need to validate it's own
certificate?
--
On Mar 7, 2013, at 9:37 AM, Ian Pilcher wrote:
On 03/07/2013 08:28 AM, Tom Lane wrote:
Maybe I'm missing something, but I don't see why you'd expect a
different result. That leaves you with no way to validate the server's
own certificate.
I don't follow. Why would the server need to
I am trying to configure PostgreSQL 8.4 to trust an intermediate CA for
client certificate validation -- without trusting everything signed by
the root CA (or a different intermediate CA). Given the following CA
hierarchy, for example, I would like to trust *only* client certificates
signed by