SSL Connections

From: "Oliver Elphick" <olly(at)lfix(dot)co(dot)uk>
To: pgsql-hackers(at)postgresql(dot)org
Subject: SSL Connections
Date: 2000-12-20 16:04:27
Message-ID: 200012201604.eBKG4RP26011@linda.lfix.co.uk
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

I've been experimenting with the SSL connection support. Unfortunately I can't
get the postmaster to start because the instructions in the documentation for
setting up a certificate don't work.

They say:
=============================================================================
For details on how to create your server private key and certificate, refer
to the OpenSSL documentation... To create a quick self-signed certificate, use
the CA.pl script included in OpenSSL:

CA.pl -newcert

Fill out the information the script asks for. Make sure to enter the local
host name as Common Name. The script will generate a key that is passphrase
protected. To remove the passphrase (required if you want automatic
start-up of the postmaster), run the command

openssl x509 -inform PEM -outform PEM -in newreq.pem \
-out newkey_no_passphrase.pem

Enter the old passphrase to unlock the existing key. Copy the file newreq.pem
to PGDATA/server.crt and newkey_no_passphrase.pem to PGDATA/server.key.
Remove the PRIVATE KEY part from the server.crt using any text editor.
=============================================================================

The openssl x509 command runs with no interaction; this documentation seems
to indicate that it will ask for a password.

I can't find anything in the SSL documentation about removing or
changing the passphrase.

Has anyone successfully done this? and if so, how is the documentation
quoted above inforrect?

--
Oliver Elphick Oliver(dot)Elphick(at)lfix(dot)co(dot)uk
Isle of Wight http://www.lfix.co.uk/oliver
PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"And she shall bring forth a son, and thou shall call
his name JESUS; for he shall save his people from
their sins." Matthew 1:21

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Dominic J. Eidson 2000-12-20 16:12:12 Re: SSL Connections
Previous Message Luis Sousa 2000-12-20 15:41:42 Re: Ocasional problems !!!!