From: | "Martin Münstermann" <mmuenst(at)gmx(dot)de> |
---|---|
To: | Jose Berardo <joseberardo(at)gmail(dot)com>, pgsql-admin(at)postgresql(dot)org, bruce(at)momjian(dot)us |
Subject: | Re: PostgreSQL with SSL |
Date: | 2010-04-16 07:34:17 |
Message-ID: | 20100416073417.132000@gmx.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Hello.
> > > I'm trying to use the java keytool in place of openssl.
> > > - I believe that it not possible to start the PostgreSQL server
> without
> > > openssl (and ssl-dev package in debian), is it correct?
> >
> > Yes, I don't think the java keytool works.
>
> Oh, the documentation defeated me twice. The server reads the openssl
> configuration at start time too.
> The keytool may be used only to generate the key pair and the certificate,
> but it can not export the private key from its keystore. You need another
> tool or to write a Java code to do that.
OpenSSL has two ways to store private keys:
1. an own proprietary format
2. standard PKCS#8
The default as used in the postgresql doc is to produce the proprietary format.
Don't know if PostgreSQL can handle PKCS#8 keys.
If you'd like to check, here is a command to produce PKCS#8:
openssl pkcs8 -in server.key -out server.p8 -topk8
Jose, writing a tutorial sounds promising. If I can be of any help, just contact me.
Martin
--
GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
From | Date | Subject | |
---|---|---|---|
Next Message | Khangelani Gama | 2010-04-16 08:22:27 | How can I find a broken row in a table |
Previous Message | Renato Oliveira | 2010-04-16 07:03:57 | Re: archived WALL files question |