I've been experimenting with the SSL connection support. Unfortunately I can't
get the postmaster to start because the instructions in the documentation for
setting up a certificate don't work.
They say:
=============================================================================
For details on how to create your server private key and certificate, refer
to the OpenSSL documentation... To create a quick self-signed certificate, use
the CA.pl script included in OpenSSL:
CA.pl -newcert
Fill out the information the script asks for. Make sure to enter the local
host name as Common Name. The script will generate a key that is passphrase
protected. To remove the passphrase (required if you want automatic
start-up of the postmaster), run the command
openssl x509 -inform PEM -outform PEM -in newreq.pem \ -out newkey_no_passphrase.pem
Enter the old passphrase to unlock the existing key. Copy the file newreq.pem
to PGDATA/server.crt and newkey_no_passphrase.pem to PGDATA/server.key.
Remove the PRIVATE KEY part from the server.crt using any text editor.
=============================================================================
The openssl x509 command runs with no interaction; this documentation seems
to indicate that it will ask for a password.
I can't find anything in the SSL documentation about removing or
changing the passphrase.
Has anyone successfully done this? and if so, how is the documentation
quoted above inforrect?
--
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver
PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
======================================== "And she shall bring forth a son, and thou shall call his name JESUS;
forhe shall save his people from their sins." Matthew 1:21