[08006] SSL error: Failed to parse server certificates Empty issuer DN not allowed in X509Certificates. #859

Closed
dotX12 opened this issue Dec 24, 2024 · 7 comments

@dotX12

dotX12 commented Dec 24, 2024

There is a problem connecting to the database from some clients (e.g. all JetBrains products). When connecting, I get this error: [08006] SSL error: Failed to parse server certificates Empty issuer DN not allowed in X509Certificates.

If you look at the certificate:

root@postgres-cluster-01:~# openssl x509 -in /var/lib/postgresql/tls/server.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:f9:c8:e7:6f:f8:e4:20:fb:61:b2:ce:15:e6:67:e2:70:a0:51:21
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: 
        Validity
            Not Before : Dec 24 00:23:11 2024 GMT
            Not After : Dec 22 00:23:11 2034 GMT
        Subject: 
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
...
...

Then you see empty Issuer and Subject.

I had to recreate the certificate.

# Regenerate a self-signed certificate with an explicit subject (which is also used as the issuer)
openssl req -new -x509 -days 3650 -nodes \
  -out /var/lib/postgresql/tls/server.crt \
  -keyout /var/lib/postgresql/tls/server.key \
  -subj "/C=US/ST=New York/L=New York/O=Your Organization/OU=IT Department/CN=postgres-cluster"

# Restrict the private key to its owner and hand both files to the postgres user
chmod 600 /var/lib/postgresql/tls/server.key
chown postgres:postgres /var/lib/postgresql/tls/server.key /var/lib/postgresql/tls/server.crt

Only after these actions everything worked.

root@postgres-cluster-01:~# openssl x509 -in /var/lib/postgresql/postgresql/tls/server.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:e1:a0:59:2f:41:ee:f6:0f:cf:76:83:09:1a:27:76:8a:88:a8:17
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, ST = New York, L = New York, O = Your Organization, OU = IT Department, CN = postgres-cluster
        Validity
            Not Before : Dec 24 00:44:38 2024 GMT
            Not After : Dec 22 00:44:38 2034 GMT
        Subject: C = US, ST = New York, L = New York, O = Your Organization, OU = IT Department, CN = postgres-cluster
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
...
...

Could you please fix this problem and generate certificates with Issuer / Subject?
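
As an added illustration (not part of the original issue and not the project's code), this Python example reads a certificate's DER fields directly and reports whether the issuer or subject is an empty DN, which is the condition the client error above names. The function names and the sample certificate skeletons (dummy key and signature) are constructed for this example.

```python
import ssl

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def empty_dn_fields(der):
    """Return which of 'issuer' / 'subject' are empty Names (a SEQUENCE of zero RDNs)."""
    _, start, _ = read_tlv(der, 0)          # Certificate
    _, pos, end = read_tlv(der, start)      # tbsCertificate
    fields = []
    while pos < end:                        # top-level fields of tbsCertificate
        fields.append(read_tlv(der, pos))
        pos = fields[-1][2]
    if fields and fields[0][0] == 0xA0:     # optional [0] EXPLICIT version
        fields.pop(0)
    if len(fields) < 5 or fields[2][0] != 0x30 or fields[4][0] != 0x30:
        raise ValueError("not an X.509 tbsCertificate layout")
    # Order after version: serialNumber, signature, issuer, validity, subject, ...
    named = (("issuer", fields[2]), ("subject", fields[4]))
    return [name for name, (_, vs, ve) in named if vs == ve]

def check_pem(pem_text):
    """Same check for a PEM certificate, e.g. the contents of server.crt."""
    return empty_dn_fields(ssl.PEM_cert_to_DER_cert(pem_text))

# --- constructed sample input: certificate skeletons, not real signed certificates ---
def tlv(tag, value=b""):
    n = len(value)
    size = bytes([n]) if n < 128 else bytes([0x81, n])   # enough for samples < 256 bytes
    return bytes([tag]) + size + value

def sample_cert(issuer, subject):
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05))
    validity = tlv(0x30, tlv(0x17, b"241224002311Z") + tlv(0x17, b"341222002311Z"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x1c") + alg + issuer
              + validity + subject + tlv(0x30, alg + tlv(0x03, b"\x00")))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

EMPTY_DN = tlv(0x30)                                     # 30 00: an empty Name
CN_DN = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"postgres-cluster"))))

if __name__ == "__main__":
    print(empty_dn_fields(sample_cert(EMPTY_DN, EMPTY_DN)), empty_dn_fields(sample_cert(CN_DN, CN_DN)))
```

RFC 5280 requires a non-empty issuer DN and allows an empty subject only when a critical subjectAltName extension is present, so a non-empty result for `issuer` always indicates a certificate that strict parsers may reject.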

@dotX12
Author

dotX12 commented Dec 24, 2024

Before: [image]
After: [image]

@vitabaks
Owner

cc @klention

@dotX12
Author

dotX12 commented Dec 25, 2024

I should add that the problem occurs with both 2.1 and 2.0 from August 18. I have not tested earlier versions.

@vitabaks
Owner

vitabaks commented Dec 25, 2024

TLS is not available in the current versions. It will be introduced in version 2.2.0 and will also be available in the master branch (latest).

It seems that you are testing a non-release version from the master branch based on the messages.

@dotX12
Author

dotX12 commented Dec 25, 2024

> TLS is not available in the current versions. It will be introduced in version 2.2.0 and will also be available in the master branch (latest).
>
> It seems that you are testing a non-release version from the master branch based on the messages.

Hmmm... I encountered this problem with the Docker image autobase/console:2.1.0. I thought it was a problem with that version, so I then used autobase/console:2.0.0 and encountered the same problem. You can check it yourself: I didn't take code from the master branch, I took ready-made images and used the UI, not Ansible by hand.

@vitabaks
Owner

vitabaks commented Dec 25, 2024

I understood. Console is the UI, use PG_CONSOLE_DOCKER_IMAGE=autobase/automation:2.1.0 to determine the automation component version, or just delete this variable so that the version matches the console.

@vitabaks
Owner

Done #857
