The problem was ODBC driver version :(
I update my driver from version 7.03.01 to 8.01.02 and it's working :)
Documentation say:
"If verification of client certificates is required, place the certificates
of the CA(s) you wish to check for in the file root.crt in the data
directory. When present, a client certificate will be requested from the
client during SSL connection startup, and it must have been signed by one of
the certificates present in root.crt. Certificate Revocation List (CRL)
entries are also checked if the file root.crl exists.
When the root.crt file is not present, client certificates will not be
requested or checked. In this mode, SSL provides communication security but
not authentication"
I am working without root.crt and root.crl
Now communication is security but not the authentication.
I will try to create certificates in the cliente and root.crt and
root.crl on the server.
I have both, windows and linux client and my servers are linux.
The hairy part is that the documentation does explain the creation of the
SSL stuff for the server but it fails to tell how to get the credentials
for the clients.
Do you now how create this credentials and root.crl?
thank you very much by your help.
From: Andreas <maps.on@xxxxxxx>
To: Fabricio Peñuelas <fabrixio1@xxxxxxxxxxx>
CC: pgsql-admin@xxxxxxxxxxxxxx
Subject: Re: ssl and odbc standar driver
Date: Wed, 08 Aug 2007 20:00:34 +0200
Fabricio Peñuelas schrieb:
I need to install something in the client?
Well, you obviously need the ODBC driver on the client
The certificate has to be named postgresql.crt
and the key postgresql.key.
this is for the client?
Yes. You need a key+cert pair for your client, too.
And it should not be the same as the server's ;)
The hairy part is that the documentation does explain the creation of the
SSL stuff for the server but it fails to tell how to get the credentials
for the clients.
Every user who is supposed to connect from this client-pc needs to have at
least those 2 files present in his/her "postgresql" folder. It needs to be
created in the user's personal data subtree above c:\documents and
settings\username\application data
We are talking about Windows as client, are we?
I haven't tried this with a Linux client but there it should be the folder
/home/username/postgresql
You wrote that you could connect with pgAdmin.
pgAdmin needs the same two files with ssl-credentials so if this worked on
your client, then there is something wrong with your connection string.
On the other hand since the server complains that you try to connect
without ssl, I'd rather think there is something wrong with your
ssl-credentials. I'd guess the driver cant find them.
sorry for my bad english... :)
no problem. It isn't my first language either.
_________________________________________________________________
Windows Live Spaces en Prodigy/MSN Spaces: Crea tu propio espacio.
http://spaces.live.com
---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings
