Re: Refresh Postgres SSL certs?
| От | Martijn van Oosterhout |
|---|---|
| Тема | Re: Refresh Postgres SSL certs? |
| Дата | |
| Msg-id | 20140409193551.GA7062@svana.org обсуждение |
| Ответ на | Refresh Postgres SSL certs? (Paul Jungwirth <pj@illuminatedcomputing.com>) |
| Ответы |
Re: Refresh Postgres SSL certs?
|
| Список | pgsql-general |
On Wed, Apr 09, 2014 at 12:28:14PM -0700, Paul Jungwirth wrote:
> Hello,
>
> In light of the "Heartbleed" OpenSSL bug[0,1], I'm wondering if I need
> to regenerate the SSL certs on my postgres installations[2] (at least
> the ones listening on more than localhost)? On Ubuntu it looks like
> there are symlinks at /var/lib/postgresql/9.1/main/server.{crt,key}
> pointing to /etc/ssl/private/ssl-cert-snakeoil.{pem,key}. Is there any
> documentation on how to regenerate these? Are they self-signed? Can I
> replace them with my own self-signed certs, like I'd do with Apache or
> Nginx?
Have you read the Debian README?
/usr/share/doc/postgresql-*/README.Debian.gz
It talks about how the certificates are made. It uses the ssl-cert
package to make them, there's more docs there.
Yes, you can make your own self-signed certs and use them.
Have a nice day,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> He who writes carelessly confesses thereby at the very outset that he does
> not attach much importance to his own thoughts.
-- Arthur Schopenhauer
Вложения
В списке pgsql-general по дате отправления: