host - Windows Server 2022 postgresql - 14.8 pgAdmin 4 - 7.1 openssl - 3.1.0
So I have generated a key and csr file to be sent to a CA cert issuer InCommon. I generated via openssl with the following command. openssl.exe req -newkey rsa:2048 -nodes -keyout postgresql.key -out postgresql.csr Downloaded the PKCS#7, PEM encoded version of the cert to use. The following is the changes I did to postgresql.conf. The x.x.x.x is the actual IP of the Server. listen_addresses = 'x.x.x.x' ssl = on #ssl_ca_file = '' ssl_cert_file = './certs/postgresql.cer' #ssl_crl_file = '' #ssl_crl_dir = '' ssl_key_file = './certs/postgresql.key' #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers #ssl_prefer_server_ciphers = on #ssl_ecdh_curve = 'prime256v1' #ssl_min_protocol_version = 'TLSv1.2' #ssl_max_protocol_version = '' #ssl_dh_params_file = '' #ssl_passphrase_command = '' #ssl_passphrase_command_supports_reload = off Here is the current setup of pg_hba.conf with real IP's being x.x.x.x # "local" is for Unix domain socket connections only #local all all scram-sha-256 # IPv4 local connections: #host all all 127.0.0.1/32 scram-sha-256 #host all all x.x.x.x/32 scram-sha-256 host all all x.x.x.x/32 scram-sha-256 hostssl all all 127.0.0.1/32 scram-sha-256 hostssl all all x.x.x.x/32 scram-sha-256 hostssl all all x.x.x.x/32 scram-sha-256 # IPv6 local connections: # host all all ::1/128 scram-sha-256 # Allow replication connections from localhost, by a user with the # replication privilege. local replication all scram-sha-256 host replication all 127.0.0.1/32 scram-sha-256 # host replication all ::1/128 scram-sha-256 The problem I am running into is my remote client can't connect via SSL to postgrsql. I am able to from the server itself. This is using pgAdmin 4 and making ssl mode as required. Also ran psql.exe on the server to show that SSL was in fact working on the server. "SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)". In the logs it is showing this when I try to connect via my remote client. [2672] LOG: could not accept SSL connection: An existing connection was forcibly closed by the remote host. The error from pgAdmin 4 on the remote client is this. connection failed: server closed the connection unexpectedly This probably means the server terminated abnormally before or while processing the request. SSL SYSCALL error: Connection reset by peer (0x00002746/100054) I have been trying to find a solution with no luck. I am hoping that I might be missing something simple and someone will be able to see it.