Re: SSL root.crt not loading - Mailing list pgsql-novice

From Marc-André Laverdière
Subject Re: SSL root.crt not loading
Msg-id 4DB578DF.5060707@atc.tcs.com
In response to SSL root.crt not loading  (Marc-André Laverdière <marc-andre@atc.tcs.com>)
Responses Re: SSL root.crt not loading  (Grzegorz Szpetkowski <gszpetkowski@gmail.com>)
Re: SSL root.crt not loading  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-novice
Anyone???

Marc-André Laverdière
Software Security Scientist
Innovation Labs, Tata Consultancy Services
Hyderabad, India

On Monday 28 March 2011 10:23 AM, Marc-André Laverdière wrote:
> Hello everyone,
>
> I'm a postgres n00b and I'm trying to configure my installation to work
> with certificate authentication.
>
> It is not working for me, and it seems that the sysadmin community
> doesn't have any hints for me either :(
>
> I am reposting my question on ServerFault in hopes that a psql guru will
> read it (see
> http://serverfault.com/questions/248522/postgresql-ssl-root-crt-not-loading)
>
> I am running PostgreSQL 9 on Ubuntu (from their PPA repository). I am
> using OpenSSL 0.9.8o.
>
> I have generated keys and certificates using TinyCA2 for both a pg
> server and the psql client. I essentially followed the instructions.
>
> My pg_hba.conf file is configured with this:
> hostssl all    abc      ::1/128          cert        clientcert=1
>
> I have put the root certificate generated by TinyCA along with the
> server's certificate and key in the DATA directory as follows.
>
> sudo unzip database_server.zip
> sudo mv cacert.pem root.crt
> sudo mv cert.pem server.crt
> sudo openssl rsa -in key.pem -out server.key
> sudo chmod 0600 server.key
> sudo chmod ga=r root.crt
> sudo chown postgres:postgres root.crt server.key server.crt
>
> Yet I am unable to start the server. This is what I get on startup:
>
> $ sudo /etc/init.d/postgresql start 9.0
> * Starting PostgreSQL 9.0 database server
> * The PostgreSQL server failed to start. Please check the log output:
>   2011-03-17 16:39:13 IST LOG:  client certificates can only be checked
> if a root certificate store is available
>   2011-03-17 16:39:13 IST HINT:  Make sure the root.crt file is present
> and readable.
>   2011-03-17 16:39:13 IST CONTEXT:  line 93 of configuration file
> "/etc/postgresql/9.0/main/pg_hba.conf"
>   2011-03-17 16:39:13 IST FATAL:  could not load pg_hba.conf
>
> Interestingly, the root.crt file is very much present and readable:
>
> $ ll
> <snip>
> -rw-r--r-- 1 postgres postgres  143 2010-12-01 17:06 pg_ctl.conf
> -rw-r----- 1 postgres postgres 4.3K 2011-03-17 16:35 pg_hba.conf
> -rw-r----- 1 postgres postgres 1.7K 2011-03-17 15:58 pg_ident.conf
> -rw-r--r-- 1 postgres postgres  18K 2011-02-07 18:38 postgresql.conf
> -rw-r--r-- 1 postgres postgres 2.8K 2011-03-17 16:39 root.crt
> -rw------- 1 postgres postgres 2.2K 2011-03-17 14:37 server.crt
> -rw------- 1 postgres postgres  891 2011-03-17 16:18 server.key
> -rw------- 1 postgres postgres 963 2011-03-17 14:37 server.key.encrypted
>
> What is going on? What do I have to do for this certificate to load???
>
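
Added example, not part of the original message and not PostgreSQL's own code: a shell pre-flight check for the three files set up above, covering the "present and readable" condition named in the startup log. The function name `check_pg_ssl_files` and its DIR argument are assumptions; PostgreSQL 9.0 looks for root.crt, server.crt and server.key in the server's data directory, so pass the server's data_directory setting as DIR.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check of the TLS
# files a PostgreSQL server loads at startup.
# Assumption: DIR is the directory the server actually searches, i.e. its
# data_directory, which on Debian/Ubuntu packages is not the directory that
# holds pg_hba.conf. Run as the postgres user so readability is tested for
# the account the server runs under.

# Prints one line per finding and returns the number of problems found.
check_pg_ssl_files() {
    dir=$1
    problems=0
    for f in root.crt server.crt server.key; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING     $dir/$f"
            problems=$((problems + 1))
        elif [ ! -r "$dir/$f" ]; then
            echo "UNREADABLE  $dir/$f (as user $(id -un))"
            problems=$((problems + 1))
        fi
    done
    # Certificates must be PEM encoded.
    for f in root.crt server.crt; do
        [ -r "$dir/$f" ] || continue
        if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$dir/$f"; then
            echo "NOT PEM     $dir/$f"
            problems=$((problems + 1))
        fi
    done
    if [ -r "$dir/server.key" ]; then
        # The server rejects a key that group or others can access.
        mode=$(ls -ldL "$dir/server.key" | cut -c1-10)
        case $mode in
            -???------) ;;
            *) echo "LOOSE MODE  $dir/server.key ($mode)"
               problems=$((problems + 1)) ;;
        esac
        # A passphrase-protected key blocks unattended startup.
        if grep -q 'ENCRYPTED' "$dir/server.key"; then
            echo "ENCRYPTED   $dir/server.key"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}

if [ "$#" -gt 0 ]; then
    check_pg_ssl_files "$1"
fi
```

Saved as a script, it can be run with `sudo -u postgres sh` followed by the script path and the data directory; the exit status is the number of problems found.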
