May 2018
Intermediate to advanced
576 pages
30h 25m
English
The last two SSL modes allow you to be reasonably sure that you are actually talking to your server by checking the SSL certificate presented by the server.
In order to enable this useful security feature, the following files must be available on the client side. On Unix systems, they are located in the client home directory, in a subdirectory named ~/.postgresql. On Windows, they are in %APPDATA%\postgresql\.
| File | Contents | Effect |
| root.crt | Certificates of one or more trusted CAs | PostgreSQL verifies that the server certificate is signed by a trusted CA |
| root.crl | Certificates revoked by CAs | The server certificate must not be on this list |
Only the root.crt file is required for the client to authenticate ...