On Fri, Apr 8, 2011 at 2:21 PM, Carlos Mennens <carlos.mennens@xxxxxxxxx> wrote:
On Fri, Apr 8, 2011 at 1:15 PM, Diego Schulz <dschulz@xxxxxxxxx> wrote:Thanks for the quick reply Diego. I posted the commands above and I
> Hi,
> When linking to the certificate and key you should specify the full path.
> ln -s /etc/ssl/certs/db1_ssl.crt /full/path/to/db1_ssl.crt
> ln -s /etc/ssl/private/db1_ssl.key /full/path/to/db1_ssl.key
used the full path to the certificates as you can see. Here's the
info:
lrwxrwxrwx 1 postgres postgres 26 Apr 8 10:43 db1_ssl.crt ->
/etc/ssl/certs/db1_ssl.crtlrwxrwxrwx 1 postgres postgres 28 Apr 8 10:50 db1_ssl.key ->
/etc/ssl/private/db1_ssl.keyThe 1st part is just the symbolic link referenced in
/var/lib/postgresql/8.4/main but you can see it knows to reference the
symbolic links to /etc/ssl/...
I'm thinking there's some random configuration file for PostgreSQL
that has pointers to the old server.crt and server.key files but I've
searched /etc/postgres/ and /var/lib/postgresql/8.4/main completely
and can't find it what so ever. I am not authorized to disable SSL per
DoD standards / requirements sadly.
Any thing else I am missing? I can't be the 1st person to switch SSL
certificates during utilization.
Make sure the files have the right ownership and permissions.
It looks like ownership is correct (postgres:postgres) but permissions might be too loose.
Try chmod 400 on your key and certificate and see what happens.
cheers,
diego
