From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Jose Berardo <joseberardo(at)gmail(dot)com> |
Cc: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: PostgreSQL with SSL |
Date: | 2010-04-15 02:06:30 |
Message-ID: | 201004150206.o3F26U427784@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Jose Berardo wrote:
> Hi,
>
> I'm new on using SSL in PostgreSQL.
>
> I've created a self-signed certificate using openssl and started the server
> with ssl suport.
>
> But I have some question, can you help me?
>
> - There is any parameter to configure the path (and name) to certificate
> (server.crt) and private key (server.key) like hba_file or ident_file in
> postgresql.conf or any other?
No, we only allow those fixed file names.
> - Is it possible to store the server.key in a ciphered file with triple-des
> and configure the PostgreSQL to use a simetric-key to open it when it's
> necessary?
> Maybe I'm wrong but my server only works with I plain private key.
No.
> I'm trying to use the java keytool in place of openssl.
> - I believe that it not possible to start the PostgreSQL server without
> openssl (and ssl-dev package in debian), is it correct?
Yes, I don't think the java keytool works.
> - When I create keys and certificates with keytool, it creates a java
> keystore to store everything. I know how to export the certificate but I
> don't know how to export the private key and when I use the keytool
> certificate, the server crashes with this message:
>
> FATAL: could not load server certificate file "server.crt": no start line
>
> Sorry about too many questions, but anyone can help me to understand more
> about ssl in PostgreSQL?
Have you read the documentation about creating a server key?
http://www.postgresql.org/docs/8.4/static/ssl-tcp.html
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
From | Date | Subject | |
---|---|---|---|
Next Message | Martin Münstermann | 2010-04-15 07:45:42 | Re: PostgreSQL with SSL |
Previous Message | Bruce Momjian | 2010-04-15 00:12:56 | Re: block a database |