[pgpool-general: 267] PGPool II + SSL + Backend SSL...

Matt Wise matt at nextdoor.com
Wed Mar 7 05:41:44 JST 2012


I'm trying to set up PGPool with our Postgres environment, but we use SSL client-cert-verification on our Postgres servers to allow our clients in. We're trying to do that with PGPool's backend connection, but no matter what I seem to do, I get an auth failure. How do I configure PGPool to use a particular SSL certificate+username combination when connecting to our back-end Postgres servers?

pgpool relevant config:
> # - Authentication -
> enable_pool_hba = on
> authentication_timeout = 20
> ssl = on
> ssl_key = '/opt/pgpool2/ssl/server.key'
> ssl_cert = '/opt/pgpool2/ssl/server.crt'
> ssl_ca_cert = '/opt/pgpool2/ssl/root.crt'


pgpool log:
> DEBUG: pid 16275: pool_ssl: sending client->server SSL request
> DEBUG: pid 16275: pool_ssl: client->server SSL response: S
> ERROR: pid 16275: s_do_auth: expecting R got E
> ERROR: pid 16275: make_persistent_db_connection: s_do_auth failed
> ERROR: pid 16275: connect_inet_domain_socket: connect() failed: Connection timed out
> ERROR: pid 16275: make_persistent_db_connection: connection to test-db-3-i-7333e117(5432) failed
> ERROR: pid 16275: connect_inet_domain_socket: connect() failed: Connection refused
> ERROR: pid 16275: make_persistent_db_connection: connection to test-db-4-i-37fd2f53(5432) failed
> DEBUG: pid 16275: check_replication_time_lag: DB node is valid but no persistent connection
> ERROR: pid 16275: check_replication_time_lag: could not connect to DB node 0, check sr_check_user and sr_check_password

postgres log:
> 2012-03-06 20:40:42.027 GMT,"postgres","postgres",29561,"10.214.25.129:21854",4f567649.7379,1,"authentication",2012-03-06 20:40:41 GMT,1/35,0,FATAL,28000,"connection requires a valid client certificate",,,,,,,,,""
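
The two log excerpts in the message above, read together. This is an added example, not part of the original post and not pgpool code: it decodes the one-byte protocol replies in the pgpool log and pulls the matching authentication failure out of the PostgreSQL csvlog line. The function names are hypothetical; the log lines are copied from the post.

```python
import csv
import re

# Log lines copied from the post above.
PGPOOL_LOG = """\
DEBUG: pid 16275: pool_ssl: sending client->server SSL request
DEBUG: pid 16275: pool_ssl: client->server SSL response: S
ERROR: pid 16275: s_do_auth: expecting R got E
ERROR: pid 16275: make_persistent_db_connection: s_do_auth failed
"""
PG_CSVLOG = (
    '2012-03-06 20:40:42.027 GMT,"postgres","postgres",29561,"10.214.25.129:21854",'
    '4f567649.7379,1,"authentication",2012-03-06 20:40:41 GMT,1/35,0,FATAL,28000,'
    '"connection requires a valid client certificate",,,,,,,,,""\n'
)
# PostgreSQL wire protocol: one-byte answers to SSLRequest, and the type byte
# of the backend messages that appear in the pgpool error.
SSL_REPLIES = {"S": "backend accepted SSL", "N": "backend refused SSL"}
MSG_TYPES = {"R": "Authentication request", "E": "ErrorResponse"}
# Leading csvlog columns in documented order; trailing columns are ignored.
CSV_COLS = ["log_time", "user", "database", "pid", "client", "session_id",
            "line", "command_tag", "session_start", "vxid", "xid",
            "severity", "sqlstate", "message"]

def parse_pgpool(text):
    """Return the SSL negotiation result and the expected/received messages."""
    out = {"ssl": None, "expected": None, "got": None}
    for line in text.splitlines():
        m = re.search(r"SSL response: (\w)", line)
        if m:
            out["ssl"] = SSL_REPLIES.get(m.group(1), m.group(1))
        m = re.search(r"s_do_auth: expecting (\w) got (\w)", line)
        if m:
            out["expected"], out["got"] = (MSG_TYPES.get(c, c) for c in m.groups())
    return out

def fatal_auth_rows(text):
    """Yield csvlog rows that are FATAL errors raised during authentication."""
    for row in csv.reader(text.splitlines()):
        rec = dict(zip(CSV_COLS, row))
        if rec.get("severity") == "FATAL" and rec.get("command_tag") == "authentication":
            yield rec

def diagnose(pool_text, pg_text):
    pool = parse_pgpool(pool_text)
    return {
        "tls_negotiated": pool["ssl"] == SSL_REPLIES["S"],
        "backend_sent_error": pool["got"] == MSG_TYPES["E"],
        "rejections": [(r["user"], r["client"], r["sqlstate"], r["message"])
                       for r in fatal_auth_rows(pg_text)],
    }
```

On these inputs the result shows that TLS was negotiated and the backend then answered the startup with an ErrorResponse, which lines up with the SQLSTATE 28000 entry logged by PostgreSQL for user "postgres".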


