psql.bin: FATAL: client certificates can only be checked if a root certificate store is available

Posted on by Leave a comment
After configuration of PostgreSQL SSL, when we try to connect from client so server using psql. we are getting below error.

p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 17.0px Menlo; color: #000000; background-color: #ffffff} span.s1 {font-variant-ligatures: no-common-ligatures}

-bash-4.2$ psql -p 5444 -d edb -h 192.168.1.103
psql.bin: FATAL:  client certificates can only be checked if a root certificate store is available
FATAL:  no pg_hba.conf entry for host “192.168.1.105”, user “enterprisedb”, database “edb”, SSL off

This error is because, you have set below entry in pg_hba.conf of data directory.

p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 17.0px Menlo; color: #000000; background-color: #ffffff} span.s1 {font-variant-ligatures: no-common-ligatures} span.Apple-tab-span {white-space:pre}

hostssl all all  0.0.0.0/0 md5 clientcert=1


The clientcert means, client certificate needs to be verified. If we do not set the “ssl_ca_file” like below we will get the error.

p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 17.0px Menlo; color: #000000; background-color: #ffffff} span.s1 {font-variant-ligatures: no-common-ligatures}

edb=# show ssl_ca_file ;
 ssl_ca_file 
————-
 root.crt
(1 row)

After setting this do a restart.

Reference:

https://www.postgresql.org/docs/current/static/ssl-tcp.html#SSL-CLIENT-CERTIFICATES

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s