Re: pgAdmin asks me the server's private key

I think this is a postgres question about how it expects ssl to be configured ...<br />I found some source code for
Postgresthat has this message in it..<br /><br /><a
href="http://doxygen.postgresql.org/fe-secure_8c-source.html">http://doxygen.postgresql.org/fe-secure_8c-source.html</a><br
/><br/><div style="margin-left: 40px;">01010 if (have_cert && fnbuf[0] != '\0')<br />01011     {<br
/>01012        /* read the client key from file */<br />01013 <br />01014         if (stat(fnbuf, &buf) != 0)<br />
01015        {<br />01016             printfPQExpBuffer(&conn->errorMessage,<br
/>01017                              libpq_gettext("<b>certificate present, but not private key file</b> \"%s\"\n"),<br
/>01018                               fnbuf);<br />01019             return -1;<br />01020         }<br />01021 #ifndef
WIN32<br/>01022         if (!S_ISREG(buf.st_mode) || buf.st_mode & (S_IRWXG | S_IRWXO))<br />01023         {<br />
01024            printfPQExpBuffer(&conn->errorMessage,<br />01025                              
libpq_gettext("privatekey file \"%s\" has group or world access; permissions should be u=rw (0600) or less\n"),<br />
01026                              fnbuf);<br />01027             return -1;<br />01028         }<br />01029 #endif<br
/>01030<br />01031         if (SSL_use_PrivateKey_file(conn->ssl, fnbuf, SSL_FILETYPE_PEM) != 1)<br />01032        
{<br/> 01033             char       *err = SSLerrmessage();<br />01034 <br />01035            
printfPQExpBuffer(&conn->errorMessage,<br/>01036                libpq_gettext("could not load private key file
\"%s\":%s\n"),<br /> 01037                               fnbuf, err);<br />01038             SSLerrfree(err);<br
/>01039            return -1;<br />01040         }<br />01041     }<br /><br /></div><br /><br /><div
class="gmail_quote">2010/10/6Guillaume Lelarge <span dir="ltr"><<a
href="mailto:guillaume@lelarge.info">guillaume@lelarge.info</a>></span><br/><blockquote class="gmail_quote"
style="margin:0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Le 06/10/2010 22:51,
SébastienMauroy a écrit :<br /> > [...]<br /> > I installed postgreSQL on my serveur with the SSL support
enabled.I<br /> > have my own CA and I generated a cert for this service. When I use<br /> > pgAdmin III, it says
:<br/> ><br /> > "Error connecting to the server: certificate present, but not private<br /> > key file
"C:\Users\<myuser>\AppData\Roaming/postgresql/postgresql.key"<br /> ><br /> > I don't understand why it
wantsthe server private key ?! It's a big<br /> > security hole if I must give the private key. I miss something
?<br/> ><br /><br /> Well, I guess you do. Did you try to connect with psql? didn't it ask<br /> for the same
thing?<br/><br /><br /> --<br /> Guillaume<br />  <a href="http://www.postgresql.fr"
target="_blank">http://www.postgresql.fr</a><br/>  <a href="http://dalibo.com" target="_blank">http://dalibo.com</a><br
/><fontcolor="#888888"><br /> --<br /> Sent via pgadmin-support mailing list (<a
href="mailto:pgadmin-support@postgresql.org">pgadmin-support@postgresql.org</a>)<br/> To make changes to your
subscription:<br/><a href="http://www.postgresql.org/mailpref/pgadmin-support"
target="_blank">http://www.postgresql.org/mailpref/pgadmin-support</a><br/></font></blockquote></div><br />