On 12/15/2014 02:36 PM, harpagornis wrote:
> I changed the CN in all the certificates from 127.0.0.1 "my_role", which is
> the user id. Now the pg_log contains this:
> ---------------------------------------------------------------------------------------
> 2014-12-15 22:28:04 GMT LOG: database system was shut down at 2014-12-15
> 22:28:01 GMT
> 2014-12-15 22:28:04 GMT LOG: database system is ready to accept connections
> 2014-12-15 22:28:04 GMT LOG: autovacuum launcher started
> 2014-12-15 22:28:05 GMT FATAL: the database system is starting up
> 2014-12-15 22:28:06 GMT FATAL: connection requires a valid client
> certificate
> 2014-12-15 22:28:06 GMT FATAL: no pg_hba.conf entry for host "127.0.0.1",
> user "SYSTEM", database "postgres", SSL off
Well something is trying to connect not using SSL. Previously you showed
your pg_hba.conf as:
This is the pg_hba.conf
hostssl all all 127.0.0.1/32 cert clientcert=1
hostssl all all ::1/128 cert clientcert=1
If that is all of it there is no provision for a non-SSL connection.
The question then is who is "SYSTEM" user?
Is it the same as my_role or is something else?
Best guess is that there is a system user trying to connect in your setup.
>
>
>
>
> --
> View this message in context:
http://postgresql.nabble.com/SSL-Certificates-in-Windows-7-Postgres-9-3-tp5830749p5830783.html
> Sent from the PostgreSQL - general mailing list archive at Nabble.com.
>
>
--
Adrian Klaver
adrian.klaver@aklaver.com