Hi,

The CN is “www-data” as per the howtoforge documentation and added to the pg_hba.conf file. Do I have to add an actual user called “www-data” to the database? If so, do I have to have a different root and client certificate for every ssl user?

Re pg_ident. I have added “cert www-data” Postgres” to pg_ident. Doesn’t help. Still getting the “connection requires a valid client certificate” error.

Thanks
Mark

__

From: Bear Giles <bgiles@xxxxxxxxxxxxxx>

It never hurts to double check. What is the CN on the client cert? Is there a corresponding user in the database?

You might need to add an entry in pg_ident.conf, e.g.,

    cert bob@xxxxxxxxxxx bob

if you want user with the cert with a CN of 'bob@xxxxxxxxxxx' to access the system as the postgresql user 'bob'. You won't need this if your CN is the same as the database user.

I've only set up Kerberos authentication, not X.509 cert authentication, so I don't know the details about what this file needs specifically.

Bear

On Mon, Aug 13, 2018 at 1:57 PM, Mark Williams <markwillimas@xxxxxxxxx> wrote:
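
Added example, not part of the original thread and not PostgreSQL's own code: a simplified Python model of the lookup discussed above, where a client certificate's CN is checked against the pg_ident.conf entries of a named map to decide which database user it may log in as. The map contents, the example.org address and the function names are constructed for illustration, and the model assumes exact, case-sensitive name comparison.

```python
import re

# Constructed pg_ident.conf content (columns: MAPNAME SYSTEM-USERNAME PG-USERNAME).
PG_IDENT = """
# map   certificate CN         database user
cert    www-data               postgres
cert    bob@example.org        bob
cert    /^(.*)@example\\.org$   \\1
"""

def parse_ident(text):
    """Return (mapname, system_user, pg_user) tuples, skipping comments and blanks."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3:
            entries.append(tuple(fields))
    return entries

def cert_login_allowed(cn, db_user, entries, mapname=None):
    """Decide whether a certificate with this CN may log in as db_user.

    mapname=None models a pg_hba.conf line without map=...: the CN must then
    equal the requested database user exactly.
    """
    if mapname is None:
        return cn == db_user
    for name, system_user, pg_user in entries:
        if name != mapname:
            continue
        if system_user.startswith("/"):
            # Regular-expression entry: \1 in PG-USERNAME is the first capture.
            m = re.search(system_user[1:], cn)
            if m and pg_user.replace("\\1", m.group(1) if m.groups() else "") == db_user:
                return True
        elif system_user == cn and pg_user == db_user:
            # Plain entry: both names must match exactly (case-sensitive here).
            return True
    return False

ENTRIES = parse_ident(PG_IDENT)
```

Once a map is named, only its entries apply: in this model a CN of www-data can log in as postgres through the map, but no longer as www-data unless an entry says so.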