"sergio.cinos@xxxxxxxxx (IMAP)" <sergio.cinos@xxxxxxxxx> writes: > I see a strange behaviour using root.crt. PostgreSQL always waits a > client certificate to check agains root.crt. But I set up a > 'hostnossl' auth line un pg_hba.conf, PostgreSQL still wants a client > certificate. If your client first tries to connect with SSL, it seems likely that the certificate check would occur before we examine pg_hba.conf and decide to reject the connection on that basis. But your client should then retry without SSL. See libpq's "sslmode" parameter and PGSSLMODE environment variable if you want it to try in the other order. regards, tom lane
