I have created my CA, server and client certificates and keys. I have tried connections using sslmode flags with psql. I have edited the pg_hba.conf file to force SSL using hostssl only. Now I would like to set my server in order to force the verification to be sslmode=verify-full. I have read the documentation twice and I do not understand how to proceed. They say that it is controlled by an environment variable, but I just cannot make it work. How must I set this variable and how would I make it persistent? Does anyone know how to proceed?
Update: I am running PostgreSQL 9.3 on Ubuntu Server 14.04
Best Answer
Maybe you want to limit the clients to those which present a given certificate, as described in Using client certificates:
On the other hand, sslmode=verify-full is a client-side feature. It benefits a client by ensuring that it connects to the intended server. It does not benefit a server as it's the server that is being checked.
Having a server being configured to "refuse to not being checked" doesn't seem to make much sense, as if a server would say "I don't trust myself".
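What the server can enforce lives in pg_hba.conf: hostssl entries that either use the cert method or carry the clientcert=1 option. The following check is an added example, not part of the original question or answer; the function names and the sample file are constructed for illustration, and it assumes whitespace-separated fields with no quoted names containing spaces.

```shell
#!/bin/sh
# Added example (not from the original thread): flag pg_hba.conf entries that
# let remote clients connect without TLS or without presenting a certificate.

audit_hba() {
    # Reads the files given as arguments, or stdin when none are given.
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        $1 == "host" || $1 == "hostnossl" {
            # "host" matches TLS and plaintext; "hostnossl" matches plaintext only
            printf "line %d: %s entry accepts non-TLS connections\n", NR, $1
            next
        }
        $1 == "hostssl" {
            ok = 0
            # The method is field 5 (CIDR address) or 6 (address + netmask),
            # followed by options; look for cert auth or clientcert=1.
            for (i = 5; i <= NF; i++)
                if ($i == "cert" || $i == "clientcert=1") ok = 1
            if (!ok)
                printf "line %d: hostssl entry does not require a client certificate\n", NR
        }
    ' "$@"
}

# Constructed sample input, not taken from a real server.
sample_hba() {
    cat <<'EOF'
# TYPE    DATABASE  USER      ADDRESS                     METHOD
local     all       postgres                              peer
hostssl   all       all       10.0.0.0/8                  md5 clientcert=1
hostssl   all       all       192.168.1.0 255.255.255.0   cert
hostssl   all       all       0.0.0.0/0                   md5
host      all       all       127.0.0.1/32                md5
EOF
}

# Local "local" socket entries are ignored; only network entries are reported.
sample_hba | audit_hba
```

On the client side, sslmode=verify-full is given in the connection string or through libpq's PGSSLMODE environment variable; exporting it from the user's shell profile makes it persistent for that user.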