From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Simon de Hartog <simon(dot)postgresql(at)dehartog(dot)nl> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: PostgreSQL configurable SSL key checking |
Date: | 2005-09-05 19:18:04 |
Message-ID: | 3753.1125947884@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Simon de Hartog <simon(dot)postgresql(at)dehartog(dot)nl> writes:
> I have added all the users these applications run as to a group called
> "ssl". Permissions on the private key are owned by root, group ssl,
> protection rw-r----- (640). When I tell PostgreSQL to use this key with
> certificate (by using symlinks from server.key and server.crt in the
> postgreSQL data dir) it tells me that owner and permissions are wrong.
> How can I use this certificate and key for PostgreSQL (without copying
> the key and changing owner and permissions etc, because then the whole
> idea of centrally coordinated certificates is gone)?
You can't, and I don't see why it's a good idea to use the same key for
different server applications.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Alvaro Herrera | 2005-09-05 19:27:01 | Re: PostgreSQL configurable SSL key checking |
Previous Message | Patrick Welche | 2005-09-05 19:10:16 | Re: inet increment with int |