On Fri, Dec 6, 2019 at 4:22 PM Tom Lane <tgl@xxxxxxxxxxxxx> wrote:
Martin Goodson <kaemaril@xxxxxxxxxxxxxx> writes:
> Or am I stuck with either requesting a new certificate without the
> passphrase or going to PostgreSQL 11?
AFAIK, those are your options. Pre-v11 there was no reasonable way
to work with a server cert that requires a passphrase.
It should certainly be possible to remove the passphrase permanently from the received certificate again, no need for a new one. Well, technically the passphrase is on the key, and you remove it with something like:
openssl rsa -in current.key -out new.keyThat'll ask for a passphrase for the old key, and write the new one out without.
