On Mon, Sep 11, 2006 at 02:32:26AM +0200, Jean-Gerard Pailloncy wrote: > I have setup an apache server with SSL. > I create a CA, serker.key, server.crt. > I create a user.key and user.cert. > Now the apache server accept only the correct certificate for login > on a given directory. > > I have a PHP script that query the database using the HTTP login/ > password as PostgreSQL user/password. > > I plan to add the same SSL setup to PostreSQL. > 1) Is it possible to use the SSL authentification done by apache with > PostgreSQL ? I don't think so. If the PHP script makes an SSL connection to PostgreSQL and PostgreSQL requests a client certificate, then the PHP script will need access to a private key to respond correctly. The HTTP client's private key won't be available to Apache/PHP (at least not via the HTTP connection) so the script will need to use a private key of its own. I'm not aware of a way for Apache to proxy PostgreSQL's SSL negotiation with the PHP script back to the HTTP client. > 2) How the DN of the certificate is match against an PostgreSQL role ? As far as I can tell no such matching is done. I can make SSL connections to PostgreSQL as any user with the same certificate, and I don't see anything in the documentation that allows that to be configured. If I've overlooked something then somebody please point it out. -- Michael Fuhr
