I follow this to the LETTER: https://jamielinux.com/docs/openssl-certificate-authority/introduction.html. I create my root certificate, my intermediate one, and my final one. All work, I have my postgresql server that launches correctly, I can connect to it with pgAdmin 4 with `verify-full` using the full chain root certificate `ca-chain.cert.pem` (and I can't without the file), so it works, but:
```rust
pub async fn new() -> Result<DB> {
    let cert = native_tls::Certificate::from_pem(
        &utils::read(&OPTIONS.postgrepsql.certificate).context(Io)?,
    )
    .context(Tls)?;
    let tls = MakeTlsConnector::new(
        TlsConnector::builder()
            .add_root_certificate(cert)
            .build()
            .context(Tls)?,
    );
    let config = tokio_postgres::Config::from_str(&format!(
        "{} sslmode=require",
        OPTIONS.postgrepsql.config()
    ))
    .context(PostgreSQL)?;
    let manager = Manager::new(config, tls);
    let pool = Pool::from_config(manager, PoolConfig::default());
    Ok(DB { pool })
}
```

```rust
pub fn config(&self) -> String {
    format!(
        "host={} port={} user={} password={}",
        self.host,
        self.port,
        self.user,
        self.password.expose_secret()
    )
}
```
Windows error:

```
Jul 16 18:56:20.468 DEBUG optomata::internal_server_error: Pool { source: Backend(Error { kind: Tls, cause: Some(Os { code: -2146762487, kind: Other, message: "Une chaîne de certificats a été traitée mais s’est terminée par un certificat racine qui n’est pas approuvé par le fournisseur d’approbation." }) }) }
```
Environment:
OS: Archlinux & Windows 10
rustc 1.53.0 (53cb7b09b 2021-06-17)
I try to check and check and double check everything, I don't understand why it doesn't work.
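The `ca-chain.cert.pem` built in the linked guide is the intermediate and root certificates concatenated into one file, while `native_tls::Certificate::from_pem` returns a single `Certificate` per call. As an added example (not part of the original post and not native-tls code), this standard-library function splits such a bundle into its individual blocks so each one can be loaded and added as a root separately; `split_pem_certificates` and `SAMPLE_BUNDLE` are hypothetical names, and the sample holds constructed placeholder bodies rather than real certificates.

```rust
const BEGIN: &str = "-----BEGIN CERTIFICATE-----";
const END: &str = "-----END CERTIFICATE-----";

// Constructed sample: placeholder bodies, not real certificates, laid out
// like the guide's ca-chain.cert.pem (intermediate first, then root).
pub const SAMPLE_BUNDLE: &str = "\
-----BEGIN CERTIFICATE-----
PLACEHOLDERINTERMEDIATE
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
PLACEHOLDERROOT
-----END CERTIFICATE-----
";

/// Returns every complete CERTIFICATE block in `bundle`, in file order.
/// Malformed input (nested or unterminated blocks) is an error, not skipped.
pub fn split_pem_certificates(bundle: &str) -> Result<Vec<String>, String> {
    let mut certs = Vec::new();
    let mut block: Option<Vec<&str>> = None;
    for (idx, raw) in bundle.lines().enumerate() {
        let line = raw.trim();
        if line == BEGIN {
            if block.is_some() {
                return Err(format!("line {}: BEGIN inside an open block", idx + 1));
            }
            block = Some(vec![BEGIN]);
        } else if line == END {
            match block.take() {
                Some(mut lines) => {
                    lines.push(END);
                    certs.push(lines.join("\n") + "\n");
                }
                None => return Err(format!("line {}: END without BEGIN", idx + 1)),
            }
        } else if let Some(lines) = block.as_mut() {
            if !line.is_empty() { lines.push(line); }
        }
    }
    if block.is_some() {
        return Err("unterminated certificate block at end of input".to_string());
    }
    Ok(certs)
}

fn main() {
    // Each block would go to Certificate::from_pem and add_root_certificate in turn.
    let certs = split_pem_certificates(SAMPLE_BUNDLE).expect("well-formed bundle");
    println!("{} certificate(s) in bundle", certs.len());
}
```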