Yup, my bad.. I should have noticed all the other files were owned by
postgres (and I assume that's what the process is running under)..
I'm still a Unix newbie, but learning quickly..
Everything's working, and to my surprise pgAdmin connected using SSL
on the first try.. No need to mess with anything on the client side
of things..
So now I have my database, which only accepts TCP/IP "host"
connections from the IP addresses of my web servers, and then requires
"hostssl" from my home cable modem IP. Everything else is blocked.
Should be decently secure :)
Mike
On Sat, Oct 9, 2010 at 9:04 PM, Darren Duncan <darren@darrenduncan.net> wrote:
> The owner of these new files needs to be the same as that of your Pg data
> dir in general or postgresql.conf specifically, and that owner be the same
> as the process that runs the Pg server. Are you running Pg as root? (In
> any event, you should have another user; running programs or servers as root
> when they don't need root powers is generally a bad idea.) -- Darren Duncan
>
> Mike Christensen wrote:
>>
>> Hi, I'm trying to require SSL for Postgres connections from certain
>> IPs.. This is on Postgres 9.0.
>>
>> First, I've followed the directions at:
>>
>> http://www.postgresql.org/docs/9.0/static/ssl-tcp.html
>>
>> I've created the files server.crt and server.key. I've also removed
>> the passphrase from the key so Postgres can start automatically.
>> Finally, I ran:
>>
>> chmod 0600 server.key
>>
>> The permissions on server.key are now:
>>
>> -rw------- 1 root root 887 Oct 10 03:42 server.key
>>
>> However, when I set ssl = on in postgresql.conf and start the server,
>> I get the logged error:
>>
>> 2010-10-10 03:47:07 UTC FATAL: could not load private key file
>> "server.key": Permission denied
>>
>> I'm logged on as root. Any ideas? Thanks!
>>
>> Mike
>
>