PostgreSQL 连接需要有效的客户端证书
[英]PostgreSQL connection require a valid client certificate
问题描述
I am trying to connect via SSL to a PostgreSQL using FireDac in Delphi.
我正在尝试在 Delphi 中使用 FireDac 通过 SSL 连接到 PostgreSQL。 I have followed the instructions at the following site: https://www.howtoforge.com/postgresql-ssl-certificates我已按照以下站点的说明进行操作: https : //www.howtoforge.com/postgresql-ssl-certificates
I have created all the certificates.我已经创建了所有证书。 Configured the postgreql.conf as specified so it points to the required files.按照指定配置 postgreql.conf,使其指向所需的文件。 Copied the specified files to the client machine and installed the root.crt certificate.将指定文件复制到客户端机器并安装 root.crt 证书。
Via FireDAC's connection params I have specified the following:通过 FireDAC 的连接参数,我指定了以下内容:
Params.values[SSL_ca']:=sslCertsPath+'root.crt';
Params.values['SSL_cert']:=sslCertsPath+'postgresql.crt.';
Params.values['SSL_key']:=sslCertsPath+'postgresql.key';
I am getting a connection error re invalid client certificate.我收到无效客户端证书的连接错误。 I am not sure which certificate it is referring to and why it is invalid.我不确定它指的是哪个证书以及它为什么无效。 Am I specifying the correct client certificates by way of the connection's params?我是否通过连接的参数指定了正确的客户端证书? If so, any suggestions as to why I may be getting the error please?如果是这样,关于为什么我可能会收到错误的任何建议?
OpenSSL verify against the root.crt and postgresql.crt confirms the certificate is ok. OpenSSL 验证 root.crt 和 postgresql.crt 确认证书没问题。
1 个解决方案
解决方案1
0 2018-08-30 12:13:30
After over 3 weeks of frustration trying to set up PostgreSQL with SSL using FireDAC, I have finally figured out what the problem is and what the solution is.在尝试使用 FireDAC 使用 SSL 设置 PostgreSQL 超过 3 周的挫折之后,我终于弄清楚了问题所在以及解决方案是什么。
For anyone wishing to connect using FireDAC, the howtoforge guide (see link in original post) works fine.对于希望使用 FireDAC 进行连接的任何人,howtoforge 指南(请参阅原始帖子中的链接)工作正常。
However, do not use the FireDAC parameters in my original post.但是,不要在我原来的帖子中使用 FireDAC 参数。 PostgreSQL does not use them. PostgreSQL 不使用它们。 You need to use the PGAdvanced parameter.您需要使用PGAdvanced参数。
But even after figuring this out, I still could not get it to work for weeks until after testing I got an error message which finally made it clear what I was doing wrong.但即使在弄清楚这一点之后,我仍然无法让它工作数周,直到在测试后我收到一条错误消息,最终清楚地表明我做错了什么。 On Windows PostgreSQL strips out path delimiters unless you escape them (this is not mentioned in the PostgreSQL or FireDAC help files as far as I can see).在 Windows 上,PostgreSQL 会去掉路径分隔符,除非你将它们转义(据我所知,PostgreSQL 或 FireDAC 帮助文件中没有提到这一点)。
Below is an example of the correct way to connect using FireDac paramaters for ssl以下是使用 FireDac 参数进行 ssl 连接的正确方法示例
Params.values['PGAdvanced']:='sslmode=verify-ca sslrootcert=C:\\ProgramData\\MWC\\Viewer\\Certs\\root.crt sslcert=C:\\ProgramData\\MWC\\Viewer\\Certs\\postgresql.crt sslkey=C:\\ProgramData\\MWC\\Viewer\\Certs\\postgresql.key';
If you don't wish to use a root certificate set sslmode to require .如果您不想使用根证书,请将sslmode设置为require 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.