stackoom
  简体   繁体   中英

PostgreSQL connection require a valid client certificate

 原文  2018-08-10 19:55:59       postgresql

Question

I am trying to connect via SSL to a PostgreSQL using FireDac in Delphi. I have followed the instructions at the following site: https://www.howtoforge.com/postgresql-ssl-certificates

I have created all the certificates. Configured the postgreql.conf as specified so it points to the required files. Copied the specified files to the client machine and installed the root.crt certificate.

Via FireDAC's connection params I have specified the following:

Params.values[SSL_ca']:=sslCertsPath+'root.crt';
Params.values['SSL_cert']:=sslCertsPath+'postgresql.crt.';
Params.values['SSL_key']:=sslCertsPath+'postgresql.key';

I am getting a connection error re invalid client certificate. I am not sure which certificate it is referring to and why it is invalid. Am I specifying the correct client certificates by way of the connection's params? If so, any suggestions as to why I may be getting the error please?

OpenSSL verify against the root.crt and postgresql.crt confirms the certificate is ok.

1 answers

solution1
 0  2018-08-30 12:13:30

After over 3 weeks of frustration trying to set up PostgreSQL with SSL using FireDAC, I have finally figured out what the problem is and what the solution is.

For anyone wishing to connect using FireDAC, the howtoforge guide (see link in original post) works fine.

However, do not use the FireDAC parameters in my original post. PostgreSQL does not use them. You need to use the PGAdvanced parameter.

But even after figuring this out, I still could not get it to work for weeks until after testing I got an error message which finally made it clear what I was doing wrong. On Windows PostgreSQL strips out path delimiters unless you escape them (this is not mentioned in the PostgreSQL or FireDAC help files as far as I can see).

Below is an example of the correct way to connect using FireDac paramaters for ssl

Params.values['PGAdvanced']:='sslmode=verify-ca sslrootcert=C:\\ProgramData\\MWC\\Viewer\\Certs\\root.crt sslcert=C:\\ProgramData\\MWC\\Viewer\\Certs\\postgresql.crt sslkey=C:\\ProgramData\\MWC\\Viewer\\Certs\\postgresql.key';

If you don't wish to use a root certificate set sslmode to require .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question psql: FATAL: connection requires a valid client certificate connection requires a valid client certificate in laravel google cloud postgres with ssl mode Closing a PostgreSQL Client Connection in Rust Nifi and Postgresql with certificate: how to set client certificate and key? Creating a database and connection with client for PostgreSQL on OSX Where is the AWS PostgreSQL RDS Server certificate, client certificate & client private key? Postgresql could not accept SSL connection: sslv3 alert certificate unknown How to create client certificate for multiple users for Postgresql DB with OpenSSL? How to determine if java.sql.Connection is valid with PostgreSQL JDBC4 pgx tls connection throws client cert invalid error for valid cert
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM