__ From: Mark Williams <markwillimas@xxxxxxxxx> Hi Wim, I don’t understand. If I don’t include the password option, the connection will be refused because I have not included it. I am connecting via PGAdmin with the same user ie postgres. Re the log on the “windows machine” both server and client are windows machines. Which log should I check? Finally, I’m pretty sure FireDAC doesn’t any restrictions on self-certified connections. I connect to MySQL over SSL via FireDAC with a self-certified certificate. Thanks Mark __ From: Wim Bertels <wim.bertels@xxxxxxx> Hallo Mark, you should not include the password option, so possibly you are connecting with the password in pgadmin (with another user) .. instead of the cert meth; another option: check the posgresql log on the windows machine sslmode=require: firedac might require a valid (official or installed) certificate? maybe check: https://www.postgresql.org/docs/current/static/auth-methods.html#AUTH-CERT https://www.postgresql.org/docs/10/static/ssl-tcp.html https://www.postgresql.org/docs/10/static/libpq-ssl.html hth, Wim Van: Mark Williams <markwillimas@xxxxxxxxx> Hi Wim, I did intend Cert aut (at least I think I did!). Still cannot connect to postgre database from my client app using FireDAC. I can connect fine from PGAdmin3 on the same machine using the same certificates. The call made by FireDAC to libPQ.Dll is the following: PQconnectdb [ConnInfo=hostaddr=192.168.0.12 port=5432 dbname=rees user=postgres password=*** connect_timeout=10 sslmode=require sslrootcert=C:\ProgramData\MWC\Viewer\Certs\root.crt sslcert=C:\ProgramData\MWC\Viewer\Certs\postgresql.crt sslkey=C:\ProgramData\MWC\Viewer\Certs\postgresql.key password=1234, Result=$0000000003B262B0] 13222564840001 17:41:04.681 . ERROR: connection requires a valid client certificate [Status=1] The SSLmode is set to require when I connect with PGAdmin. So presumably, there is no problem with the certificates. Is there anything that jumps out from the FireDAC output as to why the SSL connection doesn’t work? Many thanks, Mark __ From: Wim Bertels <wim.bertels@xxxxxxx> Hallo Mark, as i quickly read the error message in your question, these we're my first suggestions. either * did you intent cert aut for the postgres user? * u use a selfsigned certificate, hence software that checks for the validity will fail or ask for this ** using for example the free, but official letsencrypt certificates this should be solved hth, Wim Van: Mark Williams <markwillimas@xxxxxxxxx> Hi, Sorry I don’t understand what you are suggesting re the pg_hba file. __ From: Wim Bertels <wim.bertels@xxxxxxx>
cert method for auth, hence this behaviour (client cert..) extra tip: https://duckduckgo.com/?q=letsencrypt+postgresql for official server side certificates mvg, Bertels Wim
|
