Re: Changed SSL Certificates - Mailing list pgsql-general

From Diego Schulz
Subject Re: Changed SSL Certificates
Date
Msg-id BANLkTikYcO3XSD9KnvjDPynM3vH1SoUfOA@mail.gmail.com
Whole thread Raw
In response to Re: Changed SSL Certificates  (Carlos Mennens <carlos.mennens@gmail.com>)
List pgsql-general


On Fri, Apr 8, 2011 at 2:21 PM, Carlos Mennens <carlos.mennens@gmail.com> wrote:
On Fri, Apr 8, 2011 at 1:15 PM, Diego Schulz <dschulz@gmail.com> wrote:
> Hi,
> When linking to the certificate and key you should specify the full path.
> ln -s /etc/ssl/certs/db1_ssl.crt      /full/path/to/db1_ssl.crt
> ln -s /etc/ssl/private/db1_ssl.key   /full/path/to/db1_ssl.key

Thanks for the quick reply Diego. I posted the commands above and I
used the full path to the certificates as you can see. Here's the
info:

lrwxrwxrwx 1 postgres postgres   26 Apr  8 10:43 db1_ssl.crt ->
/etc/ssl/certs/db1_ssl.crt
lrwxrwxrwx 1 postgres postgres   28 Apr  8 10:50 db1_ssl.key ->
/etc/ssl/private/db1_ssl.key

The 1st part is just the symbolic link referenced in
/var/lib/postgresql/8.4/main but you can see it knows to reference the
symbolic links to /etc/ssl/...

I'm thinking there's some random configuration file for PostgreSQL
that has pointers to the old server.crt and server.key files but I've
searched /etc/postgres/ and /var/lib/postgresql/8.4/main completely
and can't find it what so ever. I am not authorized to disable SSL per
DoD standards / requirements sadly.

Any thing else I am missing? I can't be the 1st person to switch SSL
certificates during utilization.


Make sure the files have the right ownership and permissions.
It looks like ownership is correct (postgres:postgres) but permissions might be too loose.
Try chmod 400 on your key and certificate and see what happens.

cheers,

diego


pgsql-general by date:

Previous
From: Gipsz Jakab
Date:
Subject: Re: PostgreSQL + FreeBSD memory configuration, and an issue
Next
From: Adrian Klaver
Date:
Subject: Re: Changed SSL Certificates