Thank you very much for your answer, Laurenz. I was storing the client certificates in PGDATA (C:\Program Files\PostgreSQL\9.5\data\) instead of in APPDATA (C:\Users\XXX\AppData\Roaming).
Problem solved. Thank you

2016-03-09 11:45 GMT+01:00 Albe Laurenz <laurenz.a...@wien.gv.at>:

> Lupi Loop wrote:
> > PostgreSQL documentation at http://www.postgresql.org/docs/9.5/static/libpq-ssl.html
> > says that when a client certificate is requested by a server, a windows client psql will use by
> > default the credentials located at %APPDATA%\postgresql\postgresql.crt and
> > %APPDATA%\postgresql\postgresql.key
> >
> > However, my psql client application (v 9.5.0) in a Windows Server 2012 R2 cannot find the certificates
> > in this location and only works when this location is specifically set using the sslcert and sslkey
> > attributes when connecting. Is this a bug or am I using a wrong path?
> >
> > This is an example of execution:
> >
> > -------------------------------------------
> > C:\Program Files\PostgreSQL\9.5\data> ..\bin\psql "postgresql://postgres@localhost/postgres"
> > psql: FATAL: connection requires a valid client certificate
> > FATAL: no pg_hba.conf entry for host "::1", user "postgres", database"postgres", SSL off
> >
> > C:\Program Files\PostgreSQL\9.5\data> ..\bin\psql "postgresql://postgres@localhost/postgres?sslkey=postgresql\postgresql.key&sslcert=postgresql\postgresql.crt"
> > psql (9.5.0)
> > SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384,bits: 256, compression: off)
> > Type "help" for help.
> > postgres=#
> > --------------------------------
> >
> > cheers
>
> To make this work, you will have to have a root certificate "root.crt" in the
> server's data directory and the configuration parameter "ssl_ca_file" set to "root.crt".
>
> The corresponding line in pg_hba.conf should look like this:
> hostssl <dbname> <user> <client IP>/32 md5 clientcert=1
>
> Then you have to restart the server.
> But I guess you have done that since it works if you specify the files explicitly.
>
> Perhaps you are not in the %APPDATA% directory.
> What do you get when you type
> echo %APPDATA%
> on the command prompt?
>
> One possibility to investigate this is to run "Process Monitor" and add the filters
> "Process Name is psql.exe" and "Path ends with postgresql.key".
> Then you should see where psql looks for the client key.
>
> Yours,
> Laurenz Albe
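
An added example, not part of the thread and not PostgreSQL's own code: a PowerShell check that reports where psql (libpq) will look for the client certificate and key for the current Windows user, using the documented %APPDATA%\postgresql defaults quoted above. The function name and output fields are hypothetical; PGSSLCERT and PGSSLKEY are libpq's environment-variable equivalents of the sslcert and sslkey connection parameters.

```powershell
# Added example: show the client certificate/key paths libpq would use when
# the connection string does not set sslcert/sslkey explicitly.
function Get-LibpqClientCertPaths {
    param(
        # Base directory; defaults to the current user's %APPDATA%.
        [string]$AppData = $env:APPDATA
    )

    if (-not $AppData) {
        throw 'APPDATA is not set for this session, so the default location cannot be resolved.'
    }

    # Default per-user directory documented for Windows clients.
    $defaultDir = Join-Path $AppData 'postgresql'

    $items = @(
        @{ Parameter = 'sslcert'; EnvVar = 'PGSSLCERT'; File = 'postgresql.crt' },
        @{ Parameter = 'sslkey';  EnvVar = 'PGSSLKEY';  File = 'postgresql.key' }
    )

    foreach ($item in $items) {
        # An environment variable takes the place of the default file name.
        $override = [Environment]::GetEnvironmentVariable($item.EnvVar)
        if ($override) {
            $path   = $override
            $source = "environment variable $($item.EnvVar)"
        } else {
            $path   = Join-Path $defaultDir $item.File
            $source = 'default location'
        }

        [pscustomobject]@{
            Parameter = $item.Parameter
            Path      = $path
            Source    = $source
            # Relative override paths are checked against the current location.
            Exists    = Test-Path -LiteralPath $path -PathType Leaf
        }
    }
}

Get-LibpqClientCertPaths | Format-Table -AutoSize
```

Run it as the same Windows user that starts psql; an `Exists` value of `False` on the default location matches the situation in this thread, where the files had been placed under the server's data directory instead.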