Обсуждение: ssl and odbc standar driver
Hi!! It is possible to connect to postgres with odbc standar driver and ssl enabled ?? Es posible conectarme a postgresql con odbc standar driver y ssl activado? thanks!!! _________________________________________________________________ El mejor destino, con los mejores contenidos http://www.prodigy.msn.com
In deed it is possible. You'll need a ssl certificate and a private key and put it on c: in your users ....\application data\postgresql directory. You'll have to create the postgresql-directory first. The certificate has to be named postgresql.crt and the key postgresql.key. Now you can chose ssl in your dsn-settings or set the parameter in your connection string. Fabricio Peñuelas schrieb: > It is possible to connect to postgres with odbc standar driver and > ssl enabled ?? > Es posible conectarme a postgresql con odbc standar driver y ssl > activado?
I did this (16.7. Secure TCP/IP Connections with SSL) (postgresql documentation) i build postgresql with option --with-openssl then i created the certificate and put then into data dirtory openssl req -new -text -out server.req openssl rsa -in privkey.pem -out server.key rm privkey.pem openssl req -x509 -in server.req -text -key server.key -out server.crt chmod og-rwx server.key pg_hba.conf hostssl all all 0.0.0.0 0.0.0.0 md5 I can to conect from pg_admin and this say in properties page: Encryption SSL encrypted Now the problem is the client. i use this conecction string (http://www.connectionstrings.com/?carrier=postgresql) ODBC - PostgreSQL driver Standard Driver={PostgreSQL};Server=IP address;Port=5432;Database=myDataBase;Uid=myUsername;Pwd=myPassword; I can add SSL=true;SslMode=Require; to this string? I add the ssl option in the client but not function. The cliente say: FATAL: no pg_hba.conf entry for host "xx.xx.xx.xx", user "yyyyy", database "asdfasdf", SSL off I need to install something in the client? >The certificate has to be named postgresql.crt >and the key postgresql.key. this is for the client? sorry for my bad english... :) >From: Andreas <maps.on@gmx.net> >To: Fabricio Peñuelas <fabrixio1@hotmail.com> >CC: pgsql-admin@postgresql.org >Subject: Re: [ADMIN] ssl and odbc standar driver >Date: Wed, 08 Aug 2007 02:47:54 +0200 > > >In deed it is possible. >You'll need a ssl certificate and a private key and put it on c: in your >users ....\application data\postgresql directory. >You'll have to create the postgresql-directory first. > >The certificate has to be named postgresql.crt >and the key postgresql.key. > >Now you can chose ssl in your dsn-settings or set the parameter in your >connection string. > > > >Fabricio Peñuelas schrieb: >>It is possible to connect to postgres with odbc standar driver and ssl >>enabled ?? >>Es posible conectarme a postgresql con odbc standar driver y ssl activado? > > >---------------------------(end of broadcast)--------------------------- >TIP 6: explain analyze is your friend _________________________________________________________________ Live Search en Prodigy/MSN. Todo lo que buscas ahora más rapido http://live.com
Fabricio Peñuelas schrieb: > I need to install something in the client? Well, you obviously need the ODBC driver on the client >> The certificate has to be named postgresql.crt >> and the key postgresql.key. > > this is for the client? Yes. You need a key+cert pair for your client, too. And it should not be the same as the server's ;) The hairy part is that the documentation does explain the creation of the SSL stuff for the server but it fails to tell how to get the credentials for the clients. Every user who is supposed to connect from this client-pc needs to have at least those 2 files present in his/her "postgresql" folder. It needs to be created in the user's personal data subtree above c:\documents and settings\username\application data We are talking about Windows as client, are we? I haven't tried this with a Linux client but there it should be the folder /home/username/postgresql You wrote that you could connect with pgAdmin. pgAdmin needs the same two files with ssl-credentials so if this worked on your client, then there is something wrong with your connection string. On the other hand since the server complains that you try to connect without ssl, I'd rather think there is something wrong with your ssl-credentials. I'd guess the driver cant find them. > sorry for my bad english... :) no problem. It isn't my first language either.
The problem was ODBC driver version :( I update my driver from version 7.03.01 to 8.01.02 and it's working :) Documentation say: "If verification of client certificates is required, place the certificates of the CA(s) you wish to check for in the file root.crt in the data directory. When present, a client certificate will be requested from the client during SSL connection startup, and it must have been signed by one of the certificates present in root.crt. Certificate Revocation List (CRL) entries are also checked if the file root.crl exists. When the root.crt file is not present, client certificates will not be requested or checked. In this mode, SSL provides communication security but not authentication" I am working without root.crt and root.crl Now communication is security but not the authentication. I will try to create certificates in the cliente and root.crt and root.crl on the server. I have both, windows and linux client and my servers are linux. >The hairy part is that the documentation does explain the creation of the >SSL stuff for the server but it fails to tell how to get the credentials >for the clients. Do you now how create this credentials and root.crl? thank you very much by your help. >From: Andreas <maps.on@gmx.net> >To: Fabricio Peñuelas <fabrixio1@hotmail.com> >CC: pgsql-admin@postgresql.org >Subject: Re: [ADMIN] ssl and odbc standar driver >Date: Wed, 08 Aug 2007 20:00:34 +0200 > >Fabricio Peñuelas schrieb: >>I need to install something in the client? >Well, you obviously need the ODBC driver on the client >>>The certificate has to be named postgresql.crt >>>and the key postgresql.key. >> >>this is for the client? >Yes. You need a key+cert pair for your client, too. >And it should not be the same as the server's ;) >The hairy part is that the documentation does explain the creation of the >SSL stuff for the server but it fails to tell how to get the credentials >for the clients. > >Every user who is supposed to connect from this client-pc needs to have at >least those 2 files present in his/her "postgresql" folder. It needs to be >created in the user's personal data subtree above c:\documents and >settings\username\application data >We are talking about Windows as client, are we? >I haven't tried this with a Linux client but there it should be the folder > /home/username/postgresql > >You wrote that you could connect with pgAdmin. >pgAdmin needs the same two files with ssl-credentials so if this worked on >your client, then there is something wrong with your connection string. >On the other hand since the server complains that you try to connect >without ssl, I'd rather think there is something wrong with your >ssl-credentials. I'd guess the driver cant find them. > > >>sorry for my bad english... :) >no problem. It isn't my first language either. _________________________________________________________________ Windows Live Spaces en Prodigy/MSN Spaces: Crea tu propio espacio. http://spaces.live.com