solved: SSL mode with Intermediate Certificate Authorities and CRLS

Andrew's PostgreSQL blog

Thursday, December 20. 2012

solved: SSL mode with Intermediate Certificate Authorities and CRLS

My many thanks to Radu Radutiu who has found the solution to my SSL problem. It turns out that if you use a CRL file it needs to contain a CRL (even if it's only empty) for every CA in the chain of CAs. We need to document this.
Posted by Andrew Dunstan in PostgreSQL at 17:54 | Comment (1) | Trackbacks (0)

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

One should also make sure that the CRLs are always valid. If any CRL in the chain is expired or considered invalid (e.g. contains an invalid revocation reason) the authentication will fail. This becomes a major issue if you are using an external CA with a very short CRL lifetime (like 24 or 48 h).

#1 Radu Radutiu on 2012-12-21 10:54 (Reply)

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
Wiki format allowed
 
 

My Links etc

PostgreSQL Home
Planet.PostgreSQL.org
PostgreSQL Experts Inc.
Dunslane Consulting, LLC

My Github Page
My BitBucket Page
My public gists

Non-Tech Rants and Raves

Blog Administration

Open login screen

Calendar

Back May '13
Mon Tue Wed Thu Fri Sat Sun
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    

Quicksearch

Archives

Categories



All categories

Syndicate This Blog

Powered by

Serendipity PHP Weblog