John Scalia <jayknowsunix@xxxxxxxxx> writes: > I've got SSL working without the crl file, but when I set ssl_crl_file to > use the one I have, it says FATAL on a restart and no SSL error reported. > This is not very helpful. Did you look into the postmaster log? Experimenting with an intentionally corrupted CRL file here, I get log messages along the lines of 2017-06-14 16:45:15.096 EDT [22759] LOG: parameter "ssl_crl_file" changed to "root+client.crl" 2017-06-14 16:45:15.102 EDT [22759] LOG: could not load SSL certificate revocation list file "root+client.crl": bad base64 decode The actually useful part of that comes out of OpenSSL, and we don't have a lot of control about how specific it is ... but there should be *something*. regards, tom lane -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
