The owner of these new files needs to be the same as that of your Pg data dir in
general or postgresql.conf specifically, and that owner be the same as the
process that runs the Pg server. Are you running Pg as root? (In any event,
you should have another user; running programs or servers as root when they
don't need root powers is generally a bad idea.) -- Darren Duncan
Mike Christensen wrote:
> Hi, I'm trying to require SSL for Postgres connections from certain
> IPs.. This is on Postgres 9.0.
>
> First, I've followed the directions at:
>
> http://www.postgresql.org/docs/9.0/static/ssl-tcp.html
>
> I've created the files server.crt and server.key. I've also removed
> the passphrase from the key so Postgres can start automatically.
> Finally, I ran:
>
> chmod 0600 server.key
>
> The permissions on server.key are now:
>
> -rw------- 1 root root 887 Oct 10 03:42 server.key
>
> However, when I set ssl = on in postgresql.conf and start the server,
> I get the logged error:
>
> 2010-10-10 03:47:07 UTC FATAL: could not load private key file
> "server.key": Permission denied
>
> I'm logged on as root. Any ideas? Thanks!
>
> Mike
