Hi,
I was reading the post for BUG # 1321 (Date: Tue, 16 Nov 2004 13:30:33
-0700) about the error "sslv3 alert handshake failure" that I have
encountered now.
I have PostgreSQL 8.0.1 and OpenSSL 0.9.7a.
I have read through the documentation and a few other sites.
PG_HBA.CONF
----------------------
local all all trust
host all all 127.0.0.1 255.255.255.255 trust
host all all 192.168.0.0/16 trust
hostssl dbm all 192.168.200.201 255.255.255.255 md5
SERVER
--------------
(Fedora Core 2)
Database =DBM, owner=dbmuser
I have done the following steps:
(a) openssl req -new -text -out server.req
(b) openssl rsa -in privkey.pem -out server.key
(c) rm privkey.pem
(d) openssl req -x509 -in server.req -text -key server.key -out server.crt
(e) chmod og-rwx server.key
The above steps were from the documentation for 8.0. I tested the
communication to a remote machine (hostssl'ed with md5 in pg_hba.conf)
and the data (when viewed in Ethereal) was encrypted.
(f) ln -s server.crt root.crt
(g) ln -s server.key root.key
Now I have [root.crt, root.key, server.crt, server.key, server.req]
files in /usr/local/pgsql/data (which is my $PGDATA) which are owned
by "chown postgres:postgres".
CLIENT
------------
psql -d dbm -c 'select * from hosts;' -U postgres -h 192.168.200.201
Here's where I am stuck.
I created the directory ~/.postgresql as it never existed on the remote
machine (Fedora Core 3) as user root.
I have tried stopping and restarting the postmaster.
I have the following questions:
(a) How do I create the ~/.postgresql/postgresql.crt and
~/.postgresql/postgresql.key files (not sure about the commands)?
(b) Where do I get the ~/.postgresql/root.crt from?
(c) Is there anything else I am missing that's not in the document or that
I need to know?
Thanks,
vish
(Vishal Saberwal)
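
Added example, not part of the original message: one way to produce the client-side files asked about in question (a), signing the client certificate with a private CA instead of reusing the self-signed server certificate and key as root.crt/root.key. The function names, the subject names and the ca.key file name are assumptions made for illustration.

```shell
#!/bin/sh
# Build a private CA, then a client key and certificate signed by that CA.
# Subject names and the output directory are constructed sample values.

make_client_cert() {
    out="$1"                      # directory to write into (hypothetical)
    mkdir -p "$out" || return 1
    (
        cd "$out" || exit 1
        umask 077                 # new key files are not readable by group/other

        # 1. CA key and self-signed CA certificate (the trust anchor).
        openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
            -subj "/CN=Example Test CA" \
            -keyout ca.key -out root.crt 2>/dev/null || exit 1

        # 2. Client key and certificate request.
        openssl req -new -nodes -newkey rsa:2048 \
            -subj "/CN=dbmuser" \
            -keyout postgresql.key -out postgresql.req 2>/dev/null || exit 1

        # 3. Sign the client request with the CA key.
        openssl x509 -req -in postgresql.req -days 365 \
            -CA root.crt -CAkey ca.key -CAcreateserial \
            -out postgresql.crt 2>/dev/null || exit 1

        chmod 600 postgresql.key ca.key
    )
}

# Succeeds only if the client certificate chains to root.crt.
cert_chains_to_ca() {
    openssl verify -CAfile "$1/root.crt" "$1/postgresql.crt" >/dev/null 2>&1
}

# Succeeds only if postgresql.key is the private key for postgresql.crt.
key_matches_cert() {
    a=$(openssl x509 -in "$1/postgresql.crt" -noout -pubkey | openssl dgst -sha256)
    b=$(openssl pkey -in "$1/postgresql.key" -pubout | openssl dgst -sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```

With this layout, postgresql.crt and postgresql.key go in the client's ~/.postgresql/ and the CA's root.crt is the file placed in the server's $PGDATA; ca.key is needed only for signing and does not have to be on either machine.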