PostgreSQL with SSL

PostgreSQL with SSL

am 12.04.2010 18:35:07 von Jose Berardo

--0016e6550dc2569b9404840cba34
Content-Type: text/plain; charset=ISO-8859-1

Hi,

I'm new on using SSL in PostgreSQL.

I've created a self-signed certificate using openssl and started the server
with ssl suport.

But I have some question, can you help me?

- There is any parameter to configure the path (and name) to certificate
(server.crt) and private key (server.key) like hba_file or ident_file in
postgresql.conf or any other?

- Is it possible to store the server.key in a ciphered file with triple-des
and configure the PostgreSQL to use a simetric-key to open it when it's
necessary?
Maybe I'm wrong but my server only works with I plain private key.

I'm trying to use the java keytool in place of openssl.
- I believe that it not possible to start the PostgreSQL server without
openssl (and ssl-dev package in debian), is it correct?

- When I create keys and certificates with keytool, it creates a java
keystore to store everything. I know how to export the certificate but I
don't know how to export the private key and when I use the keytool
certificate, the server crashes with this message:

FATAL: could not load server certificate file "server.crt": no start line

Sorry about too many questions, but anyone can help me to understand more
about ssl in PostgreSQL?


--
Regards,

Jose Berardo

--0016e6550dc2569b9404840cba34
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi,

I'm new on using SSL in PostgreSQL.

I've created =
a self-signed certificate using openssl and started the server with ssl sup=
ort.

But I have some question, can you help me?

- There is an=
y parameter to configure the path (and name) to certificate (server.crt) an=
d private key (server.key) like hba_file or ident_file in postgresql.conf o=
r any other?


- Is it possible to store the server.key in a ciphered=A0 file with tri=
ple-des and configure the PostgreSQL to use a simetric-key to open it when =
it's necessary?
Maybe I'm wrong but my server only works with I =
plain private key.


I'm trying to use the java keytool in place of openssl.
- I beli=
eve that it not possible to start the PostgreSQL server without openssl (an=
d ssl-dev package in debian), is it correct?

- When I create keys an=
d certificates with keytool, it creates a java keystore to store everything=
.. I know how to export the certificate but I don't know how to export t=
he private key and when I use the keytool certificate, the server crashes w=
ith this message:


=A0FATAL:=A0 could not load server certificate file "server.crt&qu=
ot;: no start line

Sorry about too many questions, but anyone can he=
lp me to understand more about ssl in PostgreSQL?


=
--

Regards,

Jose Berardo



--0016e6550dc2569b9404840cba34--