Sweet! That fixed it.. Rock on.. Of course now let's see if I can connect from my Mac client :) On Sat, Oct 9, 2010 at 9:00 PM, Ben Carbery <ben.carbery@xxxxxxxxx> wrote: > The private keys needs to be readable by the same user the server runs > under. This is distribution-dependent and may not be 'root'. > In my case I run Red Hat which uses the 'postgres' user, so: > > chown postgres.postgres /var/lib/pgsql/data/server.* > > > On Sun, Oct 10, 2010 at 2:52 PM, Mike Christensen <mike@xxxxxxxxxxxxx> > wrote: >> >> Hi, I'm trying to require SSL for Postgres connections from certain >> IPs.. This is on Postgres 9.0. >> >> First, I've followed the directions at: >> >> http://www.postgresql.org/docs/9.0/static/ssl-tcp.html >> >> I've created the files server.crt and server.key. I've also removed >> the passphrase from the key so Postgres can start automatically. >> Finally, I ran: >> >> chmod 0600 server.key >> >> The permissions on server.key are now: >> >> -rw------- 1 root root 887 Oct 10 03:42 server.key >> >> However, when I set ssl = on in postgresql.conf and start the server, >> I get the logged error: >> >> 2010-10-10 03:47:07 UTC FATAL: could not load private key file >> "server.key": Permission denied >> >> I'm logged on as root. Any ideas? Thanks! >> >> Mike >> >> -- >> Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) >> To make changes to your subscription: >> http://www.postgresql.org/mailpref/pgsql-general > > > > -- > ------------------------------------------------------------------------------------------------------------------------------------------------------- > "Because it that the times revive as time is fresh somehow, and it to feel > wins why, and, as for it, all forget an old thing" - Japanese saying > -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
