Jose Berardo wrote: > Hi, > > I'm new on using SSL in PostgreSQL. > > I've created a self-signed certificate using openssl and started the server > with ssl suport. > > But I have some question, can you help me? > > - There is any parameter to configure the path (and name) to certificate > (server.crt) and private key (server.key) like hba_file or ident_file in > postgresql.conf or any other? No, we only allow those fixed file names. > - Is it possible to store the server.key in a ciphered file with triple-des > and configure the PostgreSQL to use a simetric-key to open it when it's > necessary? > Maybe I'm wrong but my server only works with I plain private key. No. > I'm trying to use the java keytool in place of openssl. > - I believe that it not possible to start the PostgreSQL server without > openssl (and ssl-dev package in debian), is it correct? Yes, I don't think the java keytool works. > - When I create keys and certificates with keytool, it creates a java > keystore to store everything. I know how to export the certificate but I > don't know how to export the private key and when I use the keytool > certificate, the server crashes with this message: > > FATAL: could not load server certificate file "server.crt": no start line > > Sorry about too many questions, but anyone can help me to understand more > about ssl in PostgreSQL? Have you read the documentation about creating a server key? http://www.postgresql.org/docs/8.4/static/ssl-tcp.html -- Bruce Momjian <bruce@xxxxxxxxxx> http://momjian.us EnterpriseDB http://enterprisedb.com -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
