Thread: SSL question

SSL question

From
CS DBA
Date:
All;

We have a client that is asking for a service as follows:

- a virtual machine in our data center
- they want to upload files to the VM via sftp
- they want to connect to a local db server on the VM via SSL

Here's my question;
Do I need to pay for an official SSL cert? If so, they seem to be tied
to an apache config. Am I missing something?

Thanks in advance


Re: SSL question

From
Johnny Tan
Date:


On Feb 4, 2013 8:50 PM, "CS DBA" <cs_dba@consistentstate.com> wrote:
>
> All;
>
> We have a client that is asking for a service as follows:
>
> - a virtual machine in our data center
> - they want to upload files to the VM via sftp
> - they want to connect to a local db server on the VM via SSL
>
> Here's my question;
> Do I need to pay for an official SSL cert?

No, you can use stunnel or set up a simple VPN.

Re: SSL question

From
Albe Laurenz
Date:
CS DBA wrote:
> We have a client that is asking for a service as follows:
>
> - a virtual machine in our data center
> - they want to upload files to the VM via sftp
> - they want to connect to a local db server on the VM via SSL
>
> Here's my question;
> Do I need to pay for an official SSL cert? If so, they seem to be tied
> to an apache config. Am I missing something?

I don't see how Apache comes in here.

I hope I understand correctly that your customer wants
a PostgreSQL client on his/her machine to connect to
a PostgreSQL server on your machine with SSL.

Will the connection be via the C API, JDBC, Npgsql
or something else?

Do you want to use SSL for encryption or also for
authentication?

If you only need encryption, you can use a random
self-signed certificate on the database server, and
you don't need anything on the client.

If you want to authenticate the client with SSL,
you have to make sure that the client's certificates
are signed by a certification authority that your
server trusts.  Since that is in your hands, there's
no (technical) need to use a commercial certification
authority.

Suggested reading:
http://www.postgresql.org/docs/current/static/ssl-tcp.html
http://www.postgresql.org/docs/current/static/auth-methods.html#AUTH-CERT
http://www.postgresql.org/docs/current/static/runtime-config-connection.html#RUNTIME-CONFIG-CONNECTION-SECURITY

Yours,
Laurenz Albe
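
Added example (not part of the thread and not from any of the posters): the self-run certification authority described in the reply above, sketched with the openssl command line. The CA name, host name, database user and client address range are constructed placeholders; `root.crt` and `server.crt` follow the file names used in the PostgreSQL documentation linked above.

```shell
#!/bin/sh
# Added example. Constructed placeholders: CA name, db.example.internal, appuser.

# issue <basename> <CN>: new key and CSR, signed by the private CA in ./root.key
issue() {
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA root.crt -CAkey root.key \
        -CAcreateserial -days 365 -out "$1.crt" 2>/dev/null
}

# make_pki <dir> <server-host> <db-user>; runs in a subshell so cd stays local
make_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    umask 077   # keys must not be group/world readable
    # 1. Self-signed root: the only authority involved, and you hold its key.
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 3650 \
        -subj "/CN=Example Private CA" -keyout root.key -out root.crt 2>/dev/null || exit 1
    # 2. Server certificate and key (server.crt / server.key).
    issue server "$2" || exit 1
    # 3. Client certificate: with "cert" authentication the CN is the DB user.
    issue client "$3" || exit 1
)

# server_trusts <ca-file> <cert>: the chain check applied to a presented
# certificate; succeeds only if <cert> was signed by the CA in <ca-file>.
server_trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_cn <cert>: print the subject common name
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Server-side settings that consume these files (address range is constructed):
#   postgresql.conf:  ssl = on
#                     ssl_ca_file = 'root.crt'
#   pg_hba.conf:      hostssl  all  all  203.0.113.0/24  cert

demo=$(mktemp -d) && make_pki "$demo" db.example.internal appuser &&
    server_trusts "$demo/root.crt" "$demo/client.crt" &&
    echo "client certificate for $(cert_cn "$demo/client.crt") chains to the private CA"
```

Keep `root.key` off the database server: anyone who holds it can issue a certificate for any database user name.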