Thank you all. You have given me a lot to digest for my project.
--
View this message in context:
http://postgresql.nabble.com/SSL-Certificates-in-Windows-7-Postgres-9-3-tp5830749p5831358.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.
--
Sent via pgsql-general m
On 12/17/2014 10:14 PM, harpagornis wrote:
I am developing a Windows desktop application so the client is the desktop
application. Depending on the installation, the app will be running in
single user mode, with the server and client both on only one machine, using
127.0.0.1. In that type of in
On 12/17/2014 10:14 PM, harpagornis wrote:
I am developing a Windows desktop application so the client is the desktop
application. Depending on the installation, the app will be running in
single user mode, with the server and client both on only one machine, using
127.0.0.1. In that type of in
I am developing a Windows desktop application so the client is the desktop
application. Depending on the installation, the app will be running in
single user mode, with the server and client both on only one machine, using
127.0.0.1. In that type of installation, there is little or no reason the
> Are there other methods/ practices commonly used for these operations?
> Thank you in advance.
You've got some serious confusion between client/server and other things
going on here...Adrian addressed those. It might help to think of the fact
that the clients and server are typically not on t
On 12/17/2014 11:38 AM, harpagornis wrote:
Some more questions if you please. I am in Houston, and we don't have a
postgres users group. If anyone knows of some postgres groups that have
webcasts of their meetings, let me know. Thanks.
I am trying to figure out how to manage the SSL client ce
Some more questions if you please. I am in Houston, and we don't have a
postgres users group. If anyone knows of some postgres groups that have
webcasts of their meetings, let me know. Thanks.
I am trying to figure out how to manage the SSL client certificates in a
Windows 7 environment, both i
Thank you. That resolved it. After revising the certificates, I was able to
connect with psql. I really appreciate all the help.
--
View this message in context:
http://postgresql.nabble.com/SSL-Certificates-in-Windows-7-Postgres-9-3-tp5830749p5831051.html
Sent from the PostgreSQL - general
On 12/16/2014 08:56 PM, harpagornis wrote:
To anyone following this thread, I would also like to point out the
following, from Man 31.18.1.
In verify-full mode, the cn (Common Name) attribute of the certificate is
matched against the host name. If the cn attribute starts with an asterisk
(*), it
To anyone following this thread, I would also like to point out the
following, from Man 31.18.1.
In verify-full mode, the cn (Common Name) attribute of the certificate is
matched against the host name. If the cn attribute starts with an asterisk
(*), it will be treated as a wildcard, and will ma
Yes, I have tested that the connection and it does work without SSL. I have
also verified with openssl that all the certificates have the same CN,
issuer, etc.
I am working in a development environment, hence the seemingly odd file
location. It may not seem that way, but I am narrowing down th
harpagornis wrote
> I understand all of that, about certificates. I only included all of the
> pg_env.bat file for completeness. You understand that I am trying to
> connect to the database by using just psql?
Yes, and are doing so with non-default locations for pretty much everything.
Given
I understand all of that, about certificates. I only included all of the
pg_env.bat file for completeness. You understand that I am trying to
connect to the database by using just psql?
--
View this message in context:
http://postgresql.nabble.com/SSL-Certificates-in-Windows-7-Postgres-9-3-tp
harpagornis wrote
> @SET PATH="C:\Program Files\PostgreSQL\9.3\bin";%PATH%
> @SET PGDATA=D:\PostgresDat
> @SET PGDATABASE=postgres
> @SET PGUSER=postgres
> @SET PGPORT=5432
> @SET PGSSLCERT=D:\POSTGRESDAT\POSTGRESQL.CRT
> @SET PGSSLKEY=D:\POSTGRESDAT\POSTGRESQL.KEY
> @SET PGSSLROOTCERT=D:\POSTGRESD
harpagornis writes:
> Unless I am missing something, I still do not see where how / where to
> specify sslcert, sslkey, root.crt in the psql command.
You don't. The SSL certificates are stored in files whose names are known
to the psql code. See
http://www.postgresql.org/docs/9.3/static/libpq-s
Unless I am missing something, I still do not see where how / where to
specify sslcert, sslkey, root.crt in the psql command. The referenced links
don't much go beyond these input variables [ dbname [ username ] [ host ] [
port ] .
--
View this message in context:
http://postgresql.nabble.com/
harpagornis wrote
> psql dbname=dbname user=my_role sslmode=verify-full sslcert=postgresql.crt
> sslkey=postgresql.key sslrootcert=root.crt
This is a psql command with 6 input arguments/options specified
psql "dbname=dbname [...]" is a psql command with 1 input argument/option
specified which is
Trying to connect via psql, I looked at the documentation and around the web,
but could not find the right syntax for including all the SSL connection
variables on the psql command line. I tried using the URL-type psql
command, variations of this:
--
O.K. I just found the environment variables for SSL, described in Man 31.14.
I will try that.
--
View this message in context:
http://postgresql.nabble.com/SSL-Certificates-in-Windows-7-Postgres-9-3-tp5830749p5830961.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.
Right, I want to try connecting by psql, but the postgres documentation and
"psql -- help" do not list the syntax for providing the certificate. I
tried the following, but the error was : "Connection requires a valid
certificate"
$
On 12/15/2014 09:54 PM, harpagornis wrote:
Ah! I figured out the pg_log error about "No pg_hba.conf entry for host
"127.0.0.1", user "SYSTEM", database "postgres", SSL off." That error
occurs when I go into Windows Component Services and restart postgres.
But, after I delete that pg_log file,
Ah! I figured out the pg_log error about "No pg_hba.conf entry for host
"127.0.0.1", user "SYSTEM", database "postgres", SSL off." That error
occurs when I go into Windows Component Services and restart postgres.
But, after I delete that pg_log file, there still is no connection and no
other p
Thank you all. Would something like Wireshark, WinPcap or WFetch show me
more about the SYSTEM connection?
--
View this message in context:
http://postgresql.nabble.com/SSL-Certificates-in-Windows-7-Postgres-9-3-tp5830749p5830806.html
Sent from the PostgreSQL - general mailing list archive at
On 12/15/2014 03:49 PM, Tom Lane wrote:
Adrian Klaver writes:
On 12/15/2014 02:36 PM, harpagornis wrote:
2014-12-15 22:28:06 GMT FATAL: connection requires a valid client
certificate
2014-12-15 22:28:06 GMT FATAL: no pg_hba.conf entry for host "127.0.0.1",
user "SYSTEM", database "postgres",
On 12/15/2014 03:25 PM, harpagornis wrote:
Yes, I did intend for only SSL connections. The console app must be the
SYSTEM user then, directly or maybe indirectly through the Windows
Certificate Store. I already added root.crt to the trusted certificates
through Windows MMC. Here is my console
Adrian Klaver writes:
> On 12/15/2014 02:36 PM, harpagornis wrote:
>> 2014-12-15 22:28:06 GMT FATAL: connection requires a valid client
>> certificate
>> 2014-12-15 22:28:06 GMT FATAL: no pg_hba.conf entry for host "127.0.0.1",
>> user "SYSTEM", database "postgres", SSL off
> Well something is
harpagornis wrote
> The console app must be the SYSTEM user then, directly or maybe indirectly
> through the Windows Certificate Store.
Doubtful.
The log also shows the attempt is to access the "postgres" database while
your provided connection string accesses "dbname"
You should probably start
Yes, I did intend for only SSL connections. The console app must be the
SYSTEM user then, directly or maybe indirectly through the Windows
Certificate Store. I already added root.crt to the trusted certificates
through Windows MMC. Here is my console app, in which I provide the
certificate, so w
On 12/15/2014 02:36 PM, harpagornis wrote:
I changed the CN in all the certificates from 127.0.0.1 "my_role", which is
the user id. Now the pg_log contains this:
---
2014-12-15 22:28:04 GMT LOG: database system
harpagornis wrote
> I changed the CN in all the certificates from 127.0.0.1 "my_role", which
> is the user id. Now the pg_log contains this:
> ---
> 2014-12-15 22:28:04 GMT LOG: database system was shut down at 20
I changed the CN in all the certificates from 127.0.0.1 "my_role", which is
the user id. Now the pg_log contains this:
---
2014-12-15 22:28:04 GMT LOG: database system was shut down at 2014-12-15
22:28:01 GMT
2014
On 12/15/2014 01:13 PM, harpagornis wrote:
Yes, I set the CN to 127.0.0.1 for all certificates. I verified that for all
certificates using openssl verify. I can connect o.k. without the SSL.
The CN needs to be the user not the IP address. Take a look at the link
I sent earlier, it is a great
Yes, I set the CN to 127.0.0.1 for all certificates. I verified that for all
certificates using openssl verify. I can connect o.k. without the SSL.
--
View this message in context:
http://postgresql.nabble.com/SSL-Certificates-in-Windows-7-Postgres-9-3-tp5830749p5830768.html
Sent from the Pos
On 12/15/2014 11:41 AM, harpagornis wrote:
I am trying to connect using SSL in Windows 7 and Postgres v9.3. The console
output error message is "Failed to establish a connection to 127.0.0.1" The
error message from the pg_log is:
---
2014-
I am trying to connect using SSL in Windows 7 and Postgres v9.3. The console
output error message is "Failed to establish a connection to 127.0.0.1" The
error message from the pg_log is:
---
2014-12-15 19:20:24 GMT FATAL: connection require
35 matches
Mail list logo
