by inopinatus
2362 days ago
> I just put my root certs in ~/.postgresql/root.crt and it all works, right?

Also ensure sslmode is set to verify-ca or verify-full, either as a set parameter or via the PGSSLMODE environment variable. See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/ssl-c...

As ever, the #1 tip to maximise confidence in your configuration is to automate it, write a failing test case, then fix the test.

> Any specific examples?

Some of the new-wave SSL implementations (including yaSSL, with which mysql-client can/could be built) didn't always support them (not sure where yaSSL is at now), and the AWS documentation hints that it's cropped up in some circumstance in GovCloud, but I think the most likely circumstances will be enterprise folks using appliances and/or appliance-like software that's configured only via a web UI, one in which they just didn't think chains were necessary (or that only supports a small bundle etc etc; the sky's the limit in this class of software gore). I've seen this exact issue, albeit for an LDAP client not an RDBMS.
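One way to automate the sslmode check the comment above recommends, as an added example that is not part of the original comment: it resolves the sslmode a libpq client would end up with (connection parameter first, then PGSSLMODE, then the libpq default of `prefer`) and fails anything other than verify-ca or verify-full. The function names and sample connection strings are constructed for illustration, and keyword=value parsing is simplified to whitespace-separated pairs.

```python
import os
import shlex
from urllib.parse import parse_qs, urlsplit

LIBPQ_DEFAULT = "prefer"  # what libpq uses when sslmode is set nowhere
VERIFYING = {
    "verify-ca": "server certificate chain is checked against the root cert",
    "verify-full": "chain is checked and the host name must match the cert",
}


def effective_sslmode(dsn, env=None):
    """Resolve sslmode: connection parameter, then PGSSLMODE, then default."""
    env = os.environ if env is None else env
    if "://" in dsn:  # URI form: postgresql://user@host/db?sslmode=...
        params = {k: v[-1] for k, v in parse_qs(urlsplit(dsn).query).items()}
    else:  # keyword=value form; shlex handles quoted values
        params = dict(p.split("=", 1) for p in shlex.split(dsn) if "=" in p)
    return params.get("sslmode") or env.get("PGSSLMODE") or LIBPQ_DEFAULT


def check_dsn(dsn, env=None):
    """Return (ok, message); ok is True only for verify-ca / verify-full."""
    mode = effective_sslmode(dsn, env)
    if mode in VERIFYING:
        return True, f"sslmode={mode}: {VERIFYING[mode]}"
    return False, f"sslmode={mode}: does not guarantee certificate verification"


if __name__ == "__main__":
    # Constructed sample inputs: (connection string, environment)
    samples = [
        ("host=db.example.internal dbname=app", {}),
        ("host=db.example.internal dbname=app", {"PGSSLMODE": "verify-full"}),
        ("postgresql://app@db.example.internal/app?sslmode=require",
         {"PGSSLMODE": "verify-full"}),
    ]
    for dsn, env in samples:
        ok, msg = check_dsn(dsn, env)
        print("PASS" if ok else "FAIL", msg, "<-", dsn)
```

The first sample fails even if ~/.postgresql/root.crt is in place, because nothing sets sslmode; the third fails because the connection parameter overrides the environment variable.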