I have now tracked down and resolved the problem. There were clues to the solution in the error message but I lacked sufficient experience with ssl to realize it. The error was an uncommented line in /etc/pki/tls/openssl.cnf that depended upon an environment variable (ALTNAME) being set (subjectAltName=$ENV::ALTNAME). This was line 270 in that file. Note the error message: > Auto configuration failed > 29006:error:0E065068:configuration file routines:STR_COPY:variable > has no value:conf_def.c:629:line 207 Given what I know now I infer that conf_def is the variable that holds the actual file name of whatever configuration file is passed to openssl. The error message would have been far more informative had it provided the variable value rather than the variable name. And, I have no idea why PG84 choked on this and PG81 did not. Anyway, our upgraded PG84 service is now running with ssl enabled. Many thanks for the hints and suggestions. They did in fact eventually point me in the right direction. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB@xxxxxxxxxxxxx Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
