Search Postgresql Archives

Re: SSL certificates issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> 
> I personally haven't tired SSL for PostgreSQL but, I think, You should 
> put in root.crt only intermediate certificate (C1 - from prev post), so 
> all and only all "sub-certs" of intermediate CA will be able to 
> establish connection (paranoic security).
> 
> Putting intermediate CAs as trusted in Java keystore may be solution, 
> but I'm not sure if in situation of cert invalidation, such cert will be 
> rejected.
> 
> If you want to write SSL Factory, you should re-implement KeyManager 
> only, to give ability of extended search.
> 
> Regards,
> Radek
> 

I  have already tried with only C1 in root.crt but unfortunately it does not work. I get error message that cert is invalid. It seems that chained CA's are not supported in a way we would like to have it done. I would prefer to have number of trusted certs in root.crt limited as much as possible, but as I said it does not work.

About Java, I would need to analyze the libpq code and implement KeyManager in a similar way - this is surely possible but not necessarily preferred solution ;-)

Kind regards,
Joanna


-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux