18th October 2018: PostgreSQL 11 Released!
Supported Versions: Current (11) / 10 / 9.6 / 9.5 / 9.4 / 9.3
Development Versions: devel
Unsupported versions: 9.2 / 9.1 / 9.0 / 8.4 / 8.3 / 8.2 / 8.1 / 8.0

27.13. SSL Support

PostgreSQL has native support for using SSL connections to encrypt client/server communications for increased security. See Section 16.8 for details about the server-side SSL functionality.

If the server demands a client certificate, libpq will send the certificate stored in file ~/.postgresql/postgresql.crt within the user's home directory. A matching private key file ~/.postgresql/postgresql.key must also be present, and must not be world-readable. (On Microsoft Windows these files are named %APPDATA%\postgresql\postgresql.crt and %APPDATA%\postgresql\postgresql.key.)

If the file ~/.postgresql/root.crt is present in the user's home directory, libpq will use the certificate list stored therein to verify the server's certificate. (On Microsoft Windows the file is named %APPDATA%\postgresql\root.crt.) The SSL connection will fail if the server does not present a certificate; therefore, to use this feature the server must also have a root.crt file.