> It does not cause an error, but omit -text.
done
> Did you make sure that postgresql.key has permissions 0600?
of course. otherwise it shows warning
>> files on postgresql server:
>> server.key (priv and pub keys)
>
> Did you make sure that server.key has permissions 0600?
yes
>> psql: SSL error: sslv3 alert bad certificate
>
> That means, I guess, that the client does not like its certificate files.
>
> Check that they are ok, with something like
>
> openssl x509 -noout -dates -issuer -subject -in root.crt
> or
> openssl x509 -noout -text -in root.crt
>
> Same for root.crt.
%openssl x509 -noout -dates -issuer -subject -in postgresql.crt
notBefore=May 16 13:55:49 2008 GMT
notAfter=Jun 15 13:55:49 2008 GMT
issuer= /C=UK/ST=Some-State/L=Kiev/O=0x2A/CN=80.93.122.34/emailAddress=support@0x2a-dc.com
subject= /C=UK/ST=Some-State/L=Kiev/O=Internet Widgits Pty
Ltd/CN=localhost/emailAddress=imgrey@gmail.com
%openssl x509 -noout -dates -issuer -subject -in root.crt
notBefore=May 16 13:49:57 2008 GMT
notAfter=Jun 15 13:49:57 2008 GMT
issuer= /C=UK/ST=Some-State/L=Kiev/O=0x2A/CN=80.93.122.34/emailAddress=support@0x2a-dc.com
subject= /C=UK/ST=Some-State/L=Kiev/O=0x2A/CN=80.93.122.34/emailAddress=support@0x2a-dc.com
btw, the same:
psql: SSL error: sslv3 alert bad certificate
postgres[29563]: [3-1] LOG: could not accept SSL connection: no
certificate returned