Re: Log the incoming old SSL certs by pid or any way - Mailing list pgsql-general

From Christoph Moench-Tegeder
Subject Re: Log the incoming old SSL certs by pid or any way
Date
Msg-id 20200625102407.GA20342@elch.exwg.net
In response to Log the incoming old SSL certs by pid or any way  (Durumdara <durumdara@gmail.com>)
List pgsql-general
## Durumdara (durumdara@gmail.com):

> Do we have chance to log somewhere the connected client's certificate, or
> some info about it?

There's pg_stat_ssl, and if you had a recent version of PostgreSQL
(9.6 is too old for that), you'd even have the serial number of
the certificate in there:
https://www.postgresql.org/docs/12/monitoring-stats.html#PG-STAT-SSL-VIEW

On the other hand, you could check the certificates directly,
e.g. https://github.com/matteocorti/check_ssl_cert or even
just some scripting around openssl. (That assumes that you know
where those client certificates are).

Regards,
Christoph

-- 
Spare Space
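
Added example, not part of the message above: a query for PostgreSQL 12 or later that joins pg_stat_ssl to pg_stat_activity by pid and flags sessions whose client certificate serial appears in a list of certificates known to be old. The `old_certs` list and its serial values are constructed placeholders; pg_stat_ssl reports `client_serial` as a decimal number, so serials printed in hex by openssl need converting first.

```sql
-- Constructed placeholder serials (decimal) of client certificates known to be old.
-- Replace them with values from your own certificate inventory.
WITH old_certs(client_serial) AS (
    VALUES (4097::numeric),
           (4098::numeric)
)
SELECT a.pid,
       a.usename,
       a.datname,
       a.client_addr,
       a.application_name,
       a.backend_start,
       s.version                     AS tls_version,
       s.client_dn,
       s.client_serial,
       s.issuer_dn,                  -- shown so a serial match can be confirmed against the issuer
       (o.client_serial IS NOT NULL) AS uses_old_cert
FROM pg_stat_ssl s
JOIN pg_stat_activity a USING (pid)
LEFT JOIN old_certs o ON o.client_serial = s.client_serial
WHERE s.ssl
  AND s.client_serial IS NOT NULL    -- only sessions that presented a client certificate
ORDER BY uses_old_cert DESC, a.backend_start;
```

Both views only describe sessions connected at the moment the query runs, so building a log means running it periodically and storing the rows.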