Re: configuring openssl for postgres 9.2 for the first time

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Ray,
I just tried your suggestion:
  hostssl  all                all          0.0.0.0/0        
     md5 clientcert=1

and got the same error:
  no pg_hba.conf entry for host "10.10.4.34", user "postgres", database "marktst", SSL off

perhaps if I can get some insight as to how to determine what sslmode,  (if any) my client
is subscribed to, then I can follow through further with Ray's recommendation.

thanks for any help,


On Fri, Jan 31, 2014 at 5:48 PM, Ray Stell <stellr@xxxxxx> wrote:

On Jan 30, 2014, at 2:00 PM, Mark Steben <mark.steben@xxxxxxxxxxxxxxxxx> wrote:

Hello,

We are looking to provide openssl methodology into our testing environment.  I've run into this issue
when attempting to access from a client to a remote postgres server after SSL configuration:

from client 10.10.4.34:
psql -U postgres marktst -h 10.10.4.52
psql: FATAL:  no pg_hba.conf entry for host "10.10.4.34", user "postgres", database "marktst", SSL off



You might back off from ssl, client authentication just to see what happens with:

hostssl  all                all          0.0.0.0/0             md5 clientcert=1

this will provide the client auth of the server and require a password auth for the client.  Hopefully that works first.  I've seen your msg and had some effect with the following env variable, but it's probably a long shot: 

"PGSSLMODE behaves the same as the sslmode"
PGSSLMODE=verify-full will cause the client to verify that the CN on the server certificate matches the hostname of the server.  disable will only try a non-SSL connection which will not be compatible with the pg_hba config.

It is a bit of a fishing expedition.




--
Mark Steben
 Database Administrator
@utoRevenue | Autobase 
  CRM division of Dominion Dealer Solutions 
95D Ashley Ave.
West Springfield, MA 01089
t: 413.327-3045
f: 413.383-9567

www.fb.com/DominionDealerSolutions
www.twitter.com/DominionDealer
 www.drivedominion.com





[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux