Hi, I want to have Postgres use an SSL certificate for secure access by clients over the internet. I have a server that runs PostgreSQL and I have created my own Certificate Authority. I now have a certificate and corresponding private key in /etc/ssl. This pair is used without problems by: - Apache 2 - LDAP server - Sendmail - stunnel - VPN software I have added all the users these applications run as to a group called "ssl". Permissions on the private key are owned by root, group ssl, protection rw-r----- (640). When I tell PostgreSQL to use this key with certificate (by using symlinks from server.key and server.crt in the postgreSQL data dir) it tells me that owner and permissions are wrong. It seems to me that they are only "wrong" by PostgreSQL's opinion. How can I use this certificate and key for PostgreSQL (without copying the key and changing owner and permissions etc, because then the whole idea of centrally coordinated certificates is gone)? I checked the archives. A lot of comments considering the unclear error messages in previous versions, this has been solved IMHO. Also some comments and patches to remove these checks, concluded by comments that they must remain. All in all, it still doesn't work for my situation. Would it be nice to have a configuration-file option to disable these checks? Maybe possibly even configurable locations of these files, instead of the defaults in the PostgreSQL data dir? Kind regards and thanks in advance, Simon de Hartog -- "From every point in life, there's a road that leads to where you want to go." E: simon <at-sign> dehartog <point> nl W: http://simon.dehartog.nl/ P: +31-6-15094709 M: simon_net <at-sign> rootsr <point> com I: 8714776 K: http://www.rootsr.com/simon.crt
