> It does not cause an error, but omit -text. done > Did you make sure that postgresql.key has permissions 0600? of course. otherwise it shows warning >> files on postgresql server: >> server.key (priv and pub keys) > > Did you make sure that server.key has permissions 0600? yes >> psql: SSL error: sslv3 alert bad certificate > > That means, I guess, that the client does not like its certificate files. > > Check that they are ok, with something like > > openssl x509 -noout -dates -issuer -subject -in root.crt > or > openssl x509 -noout -text -in root.crt > > Same for root.crt. %openssl x509 -noout -dates -issuer -subject -in postgresql.crt notBefore=May 16 13:55:49 2008 GMT notAfter=Jun 15 13:55:49 2008 GMT issuer= /C=UK/ST=Some-State/L=Kiev/O=0x2A/CN=80.93.122.34/emailAddress=support@xxxxxxxxxxx subject= /C=UK/ST=Some-State/L=Kiev/O=Internet Widgits Pty Ltd/CN=localhost/emailAddress=imgrey@xxxxxxxxx %openssl x509 -noout -dates -issuer -subject -in root.crt notBefore=May 16 13:49:57 2008 GMT notAfter=Jun 15 13:49:57 2008 GMT issuer= /C=UK/ST=Some-State/L=Kiev/O=0x2A/CN=80.93.122.34/emailAddress=support@xxxxxxxxxxx subject= /C=UK/ST=Some-State/L=Kiev/O=0x2A/CN=80.93.122.34/emailAddress=support@xxxxxxxxxxx btw, the same: psql: SSL error: sslv3 alert bad certificate postgres[29563]: [3-1] LOG: could not accept SSL connection: no certificate returned
