=?ISO-8859-1?Q?Marc-Andr=E9_Laverdi=E8re?= <marc-andre@atc.tcs.com> writes:
>> My pg_hba.conf file is configured with this:
>> hostssl all abc ::1/128 cert clientcert=1
>> Yet I am unable to start the server. This is what I get on startup:
>> $ sudo /etc/init.d/postgresql start 9.0
>> * Starting PostgreSQL 9.0 database server
>> * The PostgreSQL server failed to start. Please check the log output:
>> 2011-03-17 16:39:13 IST LOG: client certificates can only be checked
>> if a root certificate store is available
>> 2011-03-17 16:39:13 IST HINT: Make sure the root.crt file is present
>> and readable.
>> 2011-03-17 16:39:13 IST CONTEXT: line 93 of configuration file
>> "/etc/postgresql/9.0/main/pg_hba.conf"
>> 2011-03-17 16:39:13 IST FATAL: could not load pg_hba.conf
Hmm, did you remember to set ssl = on in postgresql.conf? While
experimenting I accidentally found out it will react like this if
it finds clientcert=1 in pg_hba.conf but SSL wasn't enabled in
postgresql.conf. Needless to say, that's not a very friendly error
response --- will see about improving it.
regards, tom lane
