On 20.Jul 2005 - 00:56:34, Martin Pitt wrote: > Hi Andreas! > > Andreas Pakulat [2005-07-20 0:13 +0200]: > > according to the logfile, postgresql looks for the server certificate in > > /var/lib/postgresql/8.0/main/root.crt, but the link to the > > postgresql-common-certificate is called server.crt. > > server.crt is indeed the correct server certificate and postgresql > uses it. root.crt is the collection of valid client certificates, thus > provides client side authentication.
Hmm, I thought that postgresql looks for root.crt as the server certificate. > It doesn't hurt if root.crt is > not present, it's not used in this case. (Look at > file:///usr/share/doc/postgresql-doc-8.0/html/ssl-tcp.html if you have > postgresql-doc-8.0 installed). I have to admit, that I did not check the doc's to find something about root.crt, sorry. > However, I'm not sure whether it makes sense to ship a default > root.crt. What do you think? I don't think so either. Correct me if I'm wrong but normally you would have certificates for each client and put them onto the server (as root.crt) right? Then it really doesn't make much sense to provide a default here. Andreas -- You will obey or molten silver will be poured into your ears.
pgpBuUR2bVsnv.pgp
Description: PGP signature
