What is the purpose of appending clientcert = 1 in the pg_hba.conf file in postgresql?
For example:
hostssl all all 0.0.0.0/0 cert clientcert=1
Amazon RDS supports Secure Socket Layer (SSL) encryption for PostgreSQL DB instances. Using SSL, you can encrypt a PostgreSQL connection between your applications and your PostgreSQL DB instances. By default, RDS for PostgreSQL uses and expects all clients to connect using SSL/TLS, but you can also require it.
A root.crt file is used to validate a TLS (a.k.a. SSL) certificate presented by the other end of a connection. It is usually the public certificate of the Certificate Authority (CA) that signed the presented certificate, and is used to validate that signature.
sslrootcert. This parameter specifies the name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be verified to be signed by one of these authorities.
You must add clientcert=1 to hostssl options for checking the client certificates, otherwise everyone will be granted access in your setup.
When clientcert is not specified or is set to 0, the server will still verify presented client certificates against its CA list, if one is configured, but it will not insist that a client certificate be presented.
Source: Using Client Certificates from Postgres Docs
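The behaviour quoted above is easy to get wrong when a pg_hba.conf has many records, so here is an added audit script (not from the question or any of the answers) that parses the file and reports every hostssl record that does not actually require a client certificate: either the method is not cert and clientcert is missing, or clientcert=0. It also accepts the clientcert=verify-ca and clientcert=verify-full spellings used by newer PostgreSQL releases; the sample file is constructed for the example.

```python
# Known pg_hba.conf auth methods; used to tell a separate-netmask field from the method.
KNOWN_METHODS = {"trust", "reject", "scram-sha-256", "md5", "password", "gss", "sspi",
                 "ident", "peer", "pam", "ldap", "radius", "cert", "bsd"}

def parse_pg_hba(text):
    """Parse pg_hba.conf text into record dicts; comments and blank lines are skipped."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if f[0] == "local":
            if len(f) < 4:
                continue
            rec = {"type": f[0], "db": f[1], "user": f[2], "addr": "",
                   "method": f[3], "opts": f[4:]}
        else:
            if len(f) < 5:
                continue
            addr, rest = f[3], f[4:]
            # "host db user 10.0.0.0 255.0.0.0 md5": address and netmask as two fields
            if rest[0] not in KNOWN_METHODS and len(rest) >= 2:
                addr, rest = addr + "/" + rest[0], rest[1:]
            rec = {"type": f[0], "db": f[1], "user": f[2], "addr": addr,
                   "method": rest[0], "opts": rest[1:]}
        # Trailing options are key=value pairs, e.g. clientcert=1
        rec["options"] = dict(o.split("=", 1) for o in rec.pop("opts") if "=" in o)
        rec["line"] = lineno
        records.append(rec)
    return records

def requires_client_cert(rec):
    """True when the record forces the client to present a certificate."""
    if rec["method"] == "cert":          # cert auth always needs a client cert
        return True
    return rec["options"].get("clientcert") in {"1", "verify-ca", "verify-full"}

def audit_client_certs(text):
    """Return (line, address, method) for hostssl records lacking a client-cert requirement."""
    return [(r["line"], r["addr"], r["method"]) for r in parse_pg_hba(text)
            if r["type"] == "hostssl" and not requires_client_cert(r)]

# Constructed sample pg_hba.conf for the example, not a real deployment.
SAMPLE_PG_HBA = """\
# constructed sample
hostssl all all 0.0.0.0/0      cert clientcert=1
hostssl all all 0.0.0.0/0      md5
hostssl all all 10.0.0.0/8     scram-sha-256 clientcert=verify-full
hostssl all all 10.1.0.0 255.255.0.0 md5 clientcert=0
host    all all 127.0.0.1/32   trust
"""

if __name__ == "__main__":
    for line, addr, method in audit_client_certs(SAMPLE_PG_HBA):
        print(f"line {line}: hostssl {addr} {method} does not require a client certificate")
```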