Nathan Aherne wrote:
> We would like to use SSL to secure data transmission between our app server and postgres server as
> they are both on the public internet. We cannot use SSH tunnels as our infrastructure doesn’t allow
> it. Using client SSL keys poses a number of structural issues for us as well.
>
> Instead we would like to use MD5 Username/Password to authenticate to Postgres while having postgres
> encrypt the data transfer via SSL (forced). Is this possible? If so:

Yes, this is possible, we do it all the time.

> 1. are there any issues with doing things this way?
> 2. we have configured pg_hba.conf with hostssl and md5 clientcert=0 but cannot seem to get the correct
> connection string combination. Could someone point me in the correct direction.

There is no option "clientcert=0" for the md5 authentication method.
Just remove that and everything should work fine.

What client do you use to connect?
If you connect with libpq, you can add "sslmode=require" to the connection string,
but this is not necessary, since "sslmode=prefer" is default, and that will try SSL first.

Yours,
Laurenz Albe

--
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
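
An added example, not part of the thread: a small check that a pg_hba.conf really forces SSL for remote password logins, by listing every record that would still accept a non-loopback TCP client without encryption. The sample file, database and user names, and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample pg_hba.conf, not taken from the thread.
SAMPLE_HBA = """\
# TYPE    DATABASE  USER     ADDRESS          METHOD
local     all       all                       peer
host      all       all      127.0.0.1/32     md5
hostssl   appdb     appuser  203.0.113.10/32  md5
host      appdb     report   0.0.0.0/0        md5
hostnossl all       all      0.0.0.0/0        reject
"""

# Record types that only ever match an encrypted connection.
ENCRYPTED_ONLY = {"hostssl", "hostgssenc"}

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _is_loopback(address):
    try:
        return ipaddress.ip_network(address, strict=False).is_loopback
    except ValueError:
        return False  # "all", "samenet", host names: treat as remote

def parse_hba(text):
    """Yield (lineno, type, address, method) for each TCP/IP record.
    Quoted fields and include directives are not handled."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] == "local":
            continue  # blank line, comment, or Unix-socket record
        conn_type, address, rest = fields[0], fields[3], fields[4:]
        # Older style: address and netmask in two separate columns.
        if "/" not in address and rest and _is_ip(rest[0]):
            address, rest = f"{address}/{rest[0]}", rest[1:]
        yield lineno, conn_type, address, rest[0]

def plaintext_rules(text):
    """Records that let a remote client authenticate without encryption.
    Conservative: ignores first-match shadowing by earlier records."""
    return [(n, t, a, m) for n, t, a, m in parse_hba(text)
            if t not in ENCRYPTED_ONLY and m != "reject"
            and not _is_loopback(a)]
```

On the constructed sample this reports only the `host ... 0.0.0.0/0 md5` record, since a `host` record matches both SSL and non-SSL connections while `hostssl` matches SSL only. On the client side, `sslmode=require` refuses an unencrypted connection, whereas `sslmode=prefer` falls back to one if the server does not offer SSL.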