After I disable SSL option in postgresql.conf the server is starting
successfully.
Please, advise.
Jan-Peter Seifert wrote:
Hello Andriy,
the reply-to settings are a bit uncomfortable here. Your mail went only
to me. But I'm not part of the developer or support team. It's strange
that pg_ctl doesn't say anything else. Is there any system sniffer on
FreeBSD like Process Monitor on Windows? I can only say that the docs
worked for me (removed the password as described) on Ubuntu and Windows.
I got complaints because of the rights on the certificates first. Does
the server really start if SSL is deactivated in postgresql.conf again?
Good luck,
Peter
Yes of cause I compiled with OpenSSL support (FreeBSD port has this
option enabled by default). And I have all certificates with proper CA
signature, rest of applications (Postfix, Apache, etc.) work with this
certificates very well.
And to make sure I ran the following command 'pg_config':
$ pg_config
BINDIR = /usr/local/bin
DOCDIR = /usr/local/share/doc/postgresql
INCLUDEDIR = /usr/local/include
PKGINCLUDEDIR = /usr/local/include/postgresql
INCLUDEDIR-SERVER = /usr/local/include/postgresql/server
LIBDIR = /usr/local/lib
PKGLIBDIR = /usr/local/lib/postgresql
LOCALEDIR = /usr/local/share/locale
MANDIR = /usr/local/man
SHAREDIR = /usr/local/share/postgresql
SYSCONFDIR = /usr/local/etc/postgresql
PGXS = /usr/local/lib/postgresql/pgxs/src/makefiles/pgxs.mk
CONFIGURE = '--with-libraries=/usr/local/lib'
'--with-includes=/usr/local/include' '--enable-thread-safety'
'--with-docdir=/usr/local/share/doc/postgresql' '--with-openssl'
'--with-system-tzdata=/usr/share/zoneinfo' '--enable-integer-datetimes'
'--enable-nls' '--prefix=/usr/local' '--mandir=/usr/local/man'
'--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd7.0' 'CC=cc'
'CFLAGS=-O2 -fno-strict-aliasing -pipe ' 'LDFLAGS= -pthread
-rpath=/usr/local/lib' 'build_alias=amd64-portbld-freebsd7.0'
CC = cc
CPPFLAGS = -I/usr/local/include
CFLAGS = -O2 -fno-strict-aliasing -pipe -Wall -Wmissing-prototypes
-Wpointer-arith -Winline -Wdeclaration-after-statement -Wendif-labels
-fno-strict-aliasing -fwrapv
CFLAGS_SL = -fPIC -DPIC
LDFLAGS = -pthread -rpath=/usr/local/lib -L/usr/local/lib
-Wl,-R'/usr/local/lib'
LDFLAGS_SL =
LIBS = -lpgport -lintl -lssl -lcrypto -lz -lreadline -lcrypt -lm
VERSION = PostgreSQL 8.3.3
It should be something else.
Andriy
Jan-Peter.Seifert@xxxxxx wrote:
Hi,
Datum: Wed, 03 Sep 2008 08:43:29 -0400
Von: Andriy Bakay <andriy@xxxxxxxxxxxx>
An: pgsql-admin@xxxxxxxxxxxxxx, pgsql-ru-general@xxxxxxxxxxxxxx
Betreff: [ADMIN] SSL problems
Hi Team,
I have problems to setup SSL for PostgreSQL server. I did all the steps
which described in the documentation (17.8. Secure TCP/IP Connections
with SSL), but when I try to start the PostgreSQL server the pg_ctl gave
me: "could not start server". And nothing in the logs (I enabled all of
them). I googled around but did not find much.
My spec:
FreeBSD 7.0-RELEASE-p3 amd64
PostgreSQL 8.3.3 (installed from ports):
WITH_NLS=true
WITHOUT_PAM=true
WITHOUT_LDAP=true
WITHOUT_MIT_KRB5=true
WITHOUT_HEIMDAL_KRB5=true
WITHOUT_OPTIMIZED_CFLAGS=true
WITH_XML=true
WITHOUT_TZDATA=true
WITHOUT_DEBUG=true
WITH_ICU=true
WITH_INTDATE=true
obviously configure hasn't been run with the option "--with-openssl"
before compiling the binaries.
With the PostgreSQL command pg_config you get the configure options
that have been used for making the binaries - so you can make sure. It
seems that you must recompile from sources. Are you sure you have
openssl itself installed on your system? Maybe you have to generate a
certificate as well. It has been a while since I had installed
SSL-support successfully on windows and Linux.
Peter
