On Mon, Oct 22, 2012 at 6:54 PM, Greg Stark <st...@mit.edu> wrote: > I think we can provide a much better warning however. I think we want > something like 'WARNING: Server identity signed by unknown and > untrusted authority "Snakeoil CA"' > > We could go even further: > INFO: Server identity "ACME Debian Machine" certified by "Snakeoil CA" > WARNING: Server identity signed by unknown and untrusted authority "Snakeoil > CA" > HINT: Add either the server certificate or the CA certificate to > "/usr/lib/ssl/certs" after verifying the identity and certificate hash > > SSL is notoriously hard to set up, it would go a long way to give the > sysadmin an immediate pointer to what certificates are being used and > where to find or install the CA certs. It might be worth mentioning > the GUC parameter names to control these things too.
Yeah, this seems like a nice idea if we can do it. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
