| From: | "Martin Münstermann" <mmuenst(at)gmx(dot)de> |
|---|---|
| To: | Jose Berardo <joseberardo(at)gmail(dot)com>, pgsql-admin(at)postgresql(dot)org, bruce(at)momjian(dot)us |
| Subject: | Re: PostgreSQL with SSL |
| Date: | 2010-04-16 07:34:17 |
| Message-ID: | 20100416073417.132000@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Hello.
> > > I'm trying to use the java keytool in place of openssl.
> > > - I believe that it not possible to start the PostgreSQL server
> without
> > > openssl (and ssl-dev package in debian), is it correct?
> >
> > Yes, I don't think the java keytool works.
>
> Oh, the documentation defeated me twice. The server reads the openssl
> configuration at start time too.
> The keytool may be used only to generate the key pair and the certificate,
> but it can not export the private key from its keystore. You need another
> tool or to write a Java code to do that.
OpenSSL has two ways to store private keys:
1. an own proprietary format
2. standard PKCS#8
The default as used in the postgresql doc is to produce the proprietary format.
Don't know if PostgreSQL can handle PKCS#8 keys.
If you'd like to check, here is a command to produce PKCS#8:
openssl pkcs8 -in server.key -out server.p8 -topk8
Jose, writing a tutorial sounds promising. If I can be of any help, just contact me.
Martin
--
GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Khangelani Gama | 2010-04-16 08:22:27 | How can I find a broken row in a table |
| Previous Message | Renato Oliveira | 2010-04-16 07:03:57 | Re: archived WALL files question |