Ahoj,
rychlodotaz. Zkousim ruzne navody na generovani overeni uzivatele pres klientske certifikaty do postgresql pres openssl.
Funkcni:
https://docs.devart.com/studio-for-postgresql/connecting-to-db/generating-ssl-certificate.htmltzn, vygenerovani server.crt a jeho pouziti jako root.crt, klient vygenerovany proti server crt
Nefunkcni: pridani intermediate certifikatu
1]
vygenerovani root.crt
vygenerovani root.crt -> intermediate.crt
vygenerovani root.crt -> intermediate.crt -> server.crt
vygenerovani root.crt -> intermediate.crt -> client.crt
chyba:
2024-12-05 12:12:09.574 CET [145340] [unknown]@[unknown] LOG: could not accept SSL connection: certificate verify failed
2024-12-05 12:12:09.574 CET [145340] [unknown]@[unknown] DETAIL: Client certificate verification failed at depth 1: unable to get issuer certificate.
Failed certificate data (unverified): subject "/CN=IntermediateA1A", serial number 309702439278542523809315669172409373896084017275, issuer "/CN=RootA1".
2]
vygenerovani root.crt
vygenerovani root.crt -> intermediate.crt
vygenerovani root.crt -> intermediate.crt -> server.crt
vygenerovani root.crt -> client.crt
chyba:
2024-12-05 12:03:35.322 CET [144691] [unknown]@[unknown] LOG: could not accept SSL connection: certificate verify failed
2024-12-05 12:03:35.322 CET [144691] [unknown]@[unknown] DETAIL: Client certificate verification failed at depth 1: self-signed certificate in certificate chain.
Failed certificate data (unverified): subject "/CN=RootA1", serial number 600670979593537536306603896096514133306975213284, issuer "/CN=RootA1".
root.crt obsahuje jen root crt, server.crt obsahuje server+intermediate crt, client.crt obsahuje client + intermediate crt.
Vuci cemu se tedy ma generovat client.crt, aby to postgresql vzal?
Diky