PostgreSQL configurable SSL key checking

From Simon de Hartog
Subject PostgreSQL configurable SSL key checking
Date
Msg-id 431C966A.6060200@dehartog.nl
Replies Re: PostgreSQL configurable SSL key checking  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: PostgreSQL configurable SSL key checking  (Alvaro Herrera <alvherre@alvh.no-ip.org>)
List pgsql-hackers
Hi,

I tried sending this mail to pgadmin, but nobody could find a solution
to my problem. So I changed my problem into a suggestion and I was
hoping I am at the right place for it here :-)

-------- Original Message --------
Subject: Postgres using SSL connections
Date: Thu, 25 Aug 2005 20:27:18 +0200
From: Simon de Hartog <simon.postgresql@dehartog.nl>
To: pgsql-admin@postgresql.org

Hi,

I want to have Postgres use an SSL certificate for secure access by
clients over the internet. I have a server that runs PostgreSQL and I
have created my own Certificate Authority. I now have a certificate and
corresponding private key in /etc/ssl. This pair is used without
problems by:
- Apache 2
- LDAP server
- Sendmail
- stunnel
- VPN software

I have added all the users these applications run as to a group called
"ssl". Permissions on the private key are owned by root, group ssl,
protection rw-r----- (640). When I tell PostgreSQL to use this key with
certificate (by using symlinks from server.key and server.crt in the
PostgreSQL data dir) it tells me that owner and permissions are wrong.

How can I use this certificate and key for PostgreSQL (without copying
the key and changing owner and permissions etc, because then the whole
idea of centrally coordinated certificates is gone)?

I checked the archives. A lot of comments considering the unclear error
messages in previous versions, this has been solved IMHO. Also some
comments and patches to remove these checks, concluded by comments that
they must remain. All in all, it still doesn't work for my situation.

So my suggestion is:

Would it be nice to have a configuration-file option to disable these
checks? Maybe possibly even configurable locations of these files,
instead of the defaults in the PostgreSQL data dir?

Kind regards and thanks in advance,

Simon de Hartog

P.S. If you would like a patch, do you want it against 8.0.x or 8.1 beta
(or both)?
-- 
"From every point in life, there's a road that leads to where you want to go."

E: simon <at-sign> dehartog <point> nl
W: http://simon.dehartog.nl/
P: +31-6-15094709
M: simon_net <at-sign> rootsr <point> com
I: 8714776
K: http://www.rootsr.com/simon.crt

