RE: Setting up SSL for postgre


 



What do you mean by “change the ssl cert file and key”?

 

pg_hba.conf

# TYPE  DATABASE        USER            CIDR-ADDRESS            METHOD

# IPv4 local & remote connections:
host    all             all             127.0.0.1/32            trust
hostssl all         www-data    0.0.0.0/0             md5 clientcert=1
hostssl all         postgres    0.0.0.0/0             md5 clientcert=1

# IPv6 local connections:
host    all             all             ::1/128                 trust

 

postgresql.conf

ssl = on
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
#ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'
#ssl_dh_params_file = ''
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'
ssl_ca_file = 'root.crt'
#ssl_crl_file = ''

 

Thanks

__

 

From: Bear Giles <bgiles@xxxxxxxxxxxxxx>
Sent: 13 August 2018 20:01
To: Mark Williams <markwillimas@xxxxxxxxx>
Cc: pgsql-admin@xxxxxxxxxxxxxxxxxxxx
Subject: Re: Setting up SSL for postgre

 

What's in pg_hba.conf?

 

What's in postgresql.conf?  Did you remember to change the ssl cert file and key? For authentication I think you might need to set the SSL ca file as well but I'm not sure.

 

 

On Mon, Aug 13, 2018 at 10:55 AM, Mark Williams <markwillimas@xxxxxxxxx> wrote:

I am new to Postgre. Migrating from MySQL.

 

I am trying to connect via SSL to a PostgreSQL using FireDac in Delphi. I have followed the instructions at the following site: https://www.howtoforge.com/postgresql-ssl-certificates to create my self-certified certificates and configure the config files.

 

I have copied the specified files to the client machine and installed the root.crt certificate.

Via FireDAC's connection params I have specified the following:

Params.values['SSL_ca']:=sslCertsPath+'root.crt';
Params.values['SSL_cert']:=sslCertsPath+'postgresql.crt.';
Params.values['SSL_key']:=sslCertsPath+'postgresql.key';

 

I am getting a connection error re invalid client certificate.

I have used OpenSSL to verify against the root.crt and postgresql.crt and this confirms the certificate is ok.

Mark

 

__
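Added example (not part of the original thread): a shell function that repeats the OpenSSL chain check described above and adds two checks it does not cover, namely that every configured path names a readable file and that the private key belongs to the certificate. The file names follow the thread; the function name check_client_cert is an assumption of this example, and the CA file passed in should be the one the server loads through ssl_ca_file.

```shell
#!/bin/sh
# Added example: sanity checks for a PostgreSQL client certificate set.
# check_client_cert is a hypothetical helper name, not part of PostgreSQL
# or OpenSSL. Usage:
#   check_client_cert root.crt postgresql.crt postgresql.key
# Prints one line per check and returns 0 only if every check passes.
check_client_cert() {
    ca=$1; cert=$2; key=$3; rc=0

    # 1. Each path must name a readable regular file. A stray character in
    #    a configured file name fails here, before any TLS handshake.
    for f in "$ca" "$cert" "$key"; do
        if [ ! -f "$f" ] || [ ! -r "$f" ]; then
            echo "FAIL: cannot read $f"
            return 1
        fi
    done

    # 2. The client certificate must chain to the CA file. The server makes
    #    the same decision using the file named by ssl_ca_file, so pass the
    #    server's copy of root.crt when possible.
    if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "ok: $cert chains to $ca"
    else
        echo "FAIL: $cert does not verify against $ca"
        rc=1
    fi

    # 3. The private key must belong to the certificate: extract the public
    #    key from each and compare. "-passin pass:" stops openssl from
    #    prompting if the key turns out to be passphrase-protected.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || key_pub=
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "ok: $key matches $cert"
    else
        echo "FAIL: $key does not match $cert (or could not be read)"
        rc=1
    fi

    return $rc
}
```

A chain check alone can pass while the connection still fails, because it never looks at the key file or at the paths the client was actually given.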

 

 

