Quoting original message to try and show file contents...

harpagornis wrote
> I am trying to implement SSL certificates with postgres 9.3 locally in
> Windows 7. In Windows Component Services / Local Services, postgres is
> configured to start automatically, with Log On as a local system account.
>
> Using my Windows administrator account, in a command prompt inside my data
> folder, when I execute postgres -D . , I get the message, "Redirecting
> logging output to the logging collector service." I also get this error
> message in my log file:
>
> 2014-11-09 03:05:13 GMT LOG: client certificates can only be checked if a root certificate store is available
> 2014-11-09 03:05:13 GMT HINT: Make sure the configuration parameter "ssl_ca_file" is set.
> 2014-11-09 03:05:13 GMT CONTEXT: line 2 of configuration file "D:/PostgresDat/pg_hba.conf"
> 2014-11-09 03:05:13 GMT FATAL: could not load pg_hba.conf
>
> When I try to connect in PgAdminIII I get the error message, "Server isn't
> listening". What am I doing wrong? Right now, just for development
> purposes, do I need to have a root certificate? I tried unsuccessfully to
> create one with makecert but couldn't get the flags and options right.
>
> I followed the postgres & openssl documentation for creating the
> privkey.pem, server.req, server.key and server.crt files, i.e.:
>
> 1. openssl genrsa -out privkey.pem 2048
> 2. openssl req -new -key privkey.pem -out server.req -config "D:\openssl\v9.8\openssl.cnf"
> 3. openssl rsa -in privkey.pem -out server.key
> 4. openssl req -x509 -in server.req -text -key server.key -out server.crt -config "D:\openssl\v9.8\openssl.cnf"
>
> This is the entire pg_hba.conf file:
>
> # TYPE DATABASE USER ADDRESS METHOD
> hostssl all all 127.0.0.1/32 cert clientcert=1
> hostssl postgres postgres ::1/128 trust
> #hostssl all all ::1/128 cert clientcert=1
>
> Also, which of those last two lines in the pg_hba.conf file should I be
> using to require SSL certificates for all postgres accounts? Is it even
> possible to require an SSL certificate for the postgres account?
>
> This is the entire postgresql.conf file:
>
> listen_addresses = '*'
> port = 5432 # (change requires restart)
> max_connections = 100 # (change requires restart)
> # - Security and Authentication -
> ssl = on # (change requires restart)
> ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers
> ssl_renegotiation_limit = 512MB # amount of data between renegotiations
> ssl_cert_file = 'server.crt' # (change requires restart)
> ssl_key_file = 'server.key' # (change requires restart)
> #ssl_ca_file = 'root.crt'
> password_encryption = on
> shared_buffers = 128MB # min 128kB
>
> # ERROR REPORTING AND LOGGING
> # - Where to Log -
> log_destination = 'stderr'
> # This is used when logging to stderr:
> logging_collector = on # Enable capturing of stderr and csvlog
> # into log files. Required to be on for
> # csvlogs.
> # (change requires restart)
> log_line_prefix = '%t ' # special values:
>
> # - Locale and Formatting -
> datestyle = 'iso, mdy'
> timezone = 'US/Central'
> lc_messages = 'English_United States.1252' # locale for system error message
> lc_monetary = 'English_United States.1252' # locale for monetary formatting
> lc_numeric = 'English_United States.1252' # locale for number formatting
> lc_time = 'English_United States.1252' # locale for time formatting
>
> # default configuration for text search
> default_text_search_config = 'pg_catalog.english'
>
> Thank you for all comments and suggestions.

David J.

--
View this message in context: http://postgresql.1045698.n5.nabble.com/SSL-Certificates-in-Postgres-9-3-and-Windows-7-tp5826230p5826247.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.
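
Added example, not part of the original thread and not PostgreSQL's own code: a small Python check for the condition reported in the log quoted above, flagging pg_hba.conf records that use `cert` or `clientcert=1` while `ssl_ca_file` is unset in postgresql.conf. The function names are hypothetical, the embedded file contents are constructed from the files quoted in the message, and addresses are assumed to be in CIDR form.

```python
import re

# Constructed copies of the relevant lines from the two files quoted in the message.
POSTGRESQL_CONF = """\
ssl = on                      # (change requires restart)
ssl_cert_file = 'server.crt'  # (change requires restart)
ssl_key_file = 'server.key'   # (change requires restart)
#ssl_ca_file = 'root.crt'
"""

PG_HBA_CONF = """\
# TYPE DATABASE USER ADDRESS METHOD
hostssl all all 127.0.0.1/32 cert clientcert=1
hostssl postgres postgres ::1/128 trust
#hostssl all all ::1/128 cert clientcert=1
"""

def parse_settings(text):
    """Return active (uncommented) name -> value pairs from postgresql.conf text."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # naive: assumes no '#' inside a quoted value
        m = re.match(r"(\w+)\s*=?\s*(.*)$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip().strip("'")
    return settings

def hba_lines_needing_ca(text):
    """Return (line_no, record) for host* records that verify client certificates."""
    hits = []
    for no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # comment, blank line, or a 'local' record
        method, options = fields[4], fields[5:]
        if method == "cert" or "clientcert=1" in options:
            hits.append((no, raw.strip()))
    return hits

def check(conf_text, hba_text):
    """Return one finding per hba record that needs a CA store while ssl_ca_file is unset."""
    if parse_settings(conf_text).get("ssl_ca_file"):
        return []
    return [f"pg_hba.conf line {no}: '{rec}' requires ssl_ca_file to be set"
            for no, rec in hba_lines_needing_ca(hba_text)]

if __name__ == "__main__":
    for finding in check(POSTGRESQL_CONF, PG_HBA_CONF):
        print(finding)
```

On the constructed input the only finding is for line 2 of pg_hba.conf, the same line the server log names; the `trust` record on line 3 is not flagged because it does not verify a client certificate.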