Hi,
I want to have Postgres use an SSL certificate for secure access by
clients over the internet. I have a server that runs PostgreSQL and I
have created my own Certificate Authority. I now have a certificate and
corresponding private key in /etc/ssl. This pair is used without
problems by:
- Apache 2
- LDAP server
- Sendmail
- stunnel
- VPN software
I have added all the users these applications run as to a group called
"ssl". Permissions on the private key are owned by root, group ssl,
protection rw-r----- (640). When I tell PostgreSQL to use this key with
certificate (by using symlinks from server.key and server.crt in the
postgreSQL data dir) it tells me that owner and permissions are wrong.
It seems to me that they are only "wrong" by PostgreSQL's opinion. How
can I use this certificate and key for PostgreSQL (without copying the
key and changing owner and permissions etc, because then the whole idea
of centrally coordinated certificates is gone)?
I checked the archives. A lot of comments considering the unclear error
messages in previous versions, this has been solved IMHO. Also some
comments and patches to remove these checks, concluded by comments that
they must remain. All in all, it still doesn't work for my situation.
Would it be nice to have a configuration-file option to disable these
checks? Maybe possibly even configurable locations of these files,
instead of the defaults in the PostgreSQL data dir?
Kind regards and thanks in advance,
Simon de Hartog
--
"From every point in life, there's a road that leads to where you
want to go."
E: simon <at-sign> dehartog <point> nl
W: http://simon.dehartog.nl/
P: +31-6-15094709
M: simon_net <at-sign> rootsr <point> com
I: 8714776
K: http://www.rootsr.com/simon.crt