Quick Primer: postgresql SSL

openssl req -new -text -out server.req
# PEM passphrase: [PEM_PASSPHRASE]
# Common Name: [HOSTNAME]
# challenge password: [blank]
openssl rsa -in privkey.pem -out server.key
# enter [PEM_PASSPHRASE] as the passphrase
openssl req -x509 -in server.req -text -key server.key -out server.crt
# note: server.key (passphrase removed) is the key file the server will read
sed -i 's/#ssl = off/ssl = on/' /var/lib/pgsql/8.4/data/postgresql.conf
cp server.crt /var/lib/pgsql/8.4/data/
cp server.key /var/lib/pgsql/8.4/data/
chmod og-rwx /var/lib/pgsql/8.4/data/server.key
chown postgres:postgres /var/lib/pgsql/8.4/data/server.key
service postgresql-8.4 restart

To guarantee the identity of the server and of the certificate issuer, you have to create a trust hierarchy, that is, use a trusted CA. Otherwise, you basically make your use of encryption void (that is, if you allow your postgresql server to be compromised so that a new key can be placed).
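The trust hierarchy described above, as an added example that is not part of the original post: a private root CA signs the server certificate, and the chain is checked the way a verifying client would check it. The CA name, the host name db.example.test, the 30-day lifetimes and the temporary directory are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: names, paths and lifetimes are illustrative assumptions.

# make_ca DIR: create a private root CA (root.key stays off the database host).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test Root CA" \
        -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
    chmod og-rwx "$1/root.key"
}

# issue_server_cert DIR HOSTNAME: server key + CSR, signed by the CA in DIR.
# The Common Name must be the host name clients use to connect.
issue_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.req" 2>/dev/null
    chmod og-rwx "$1/server.key"
    openssl x509 -req -in "$1/server.req" -days 30 \
        -CA "$1/root.crt" -CAkey "$1/root.key" -CAcreateserial \
        -out "$1/server.crt" 2>/dev/null
}

# chain_ok CAFILE CERT: succeeds only if CERT chains to CAFILE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_cn CERT: print the subject Common Name of CERT.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Demo in a throwaway directory (constructed host name).
demo_dir=$(mktemp -d)
make_ca "$demo_dir"
issue_server_cert "$demo_dir" db.example.test
chain_ok "$demo_dir/root.crt" "$demo_dir/server.crt" && echo "CA-signed: trusted"
# A self-signed certificate, as built in the primer, does not chain to the CA.
openssl req -x509 -new -key "$demo_dir/server.key" -days 30 \
    -subj "/CN=db.example.test" -out "$demo_dir/selfsigned.crt" 2>/dev/null
chain_ok "$demo_dir/root.crt" "$demo_dir/selfsigned.crt" || echo "self-signed: rejected"
# Client side: copy root.crt (never root.key) to the client, then connect with
#   psql "host=db.example.test dbname=postgres sslmode=verify-full sslrootcert=root.crt"
```

With sslmode=verify-full the client refuses a server whose certificate does not chain to root.crt or whose Common Name differs from the host it connected to, so replacing the server key alone no longer goes unnoticed.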

With reference
