Nikhil Shetty <nikhil.dba04@xxxxxxxxx> writes: > We were using MTLS to connect to the database. We noticed that even after > server certificates expired the client was able to connect to the database. > 1. Doesn't postgres check the expiry date of the certificate? Postgres does not. The openssl library can. The most likely guess, on the basis of the next-to-zero details you provided, is that the connection is succeeding via some method that doesn't require the client to check the server's certificate --- for instance, a completely unencrypted connection. regards, tom lane
