Home > mailing lists

Re: SSL - automatic entry of certificate passphrase in PostgreSQL 10? - Mailing list pgsql-admin

From	Magnus Hagander
Subject	Re: SSL - automatic entry of certificate passphrase in PostgreSQL 10?
Date	December 6, 2019 18:38:18
Msg-id	CABUevEy_rSWL0Mi2QsxtLyqrthK3pWd81J9Huwj90_CX91hq2w@mail.gmail.com Whole thread Raw
In response to	Re: SSL - automatic entry of certificate passphrase in PostgreSQL 10? (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-admin

Tree view

On Fri, Dec 6, 2019 at 4:22 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:

Martin Goodson <kaemaril@googlemail.com> writes:
> Or am I stuck with either requesting a new certificate without the
> passphrase or going to PostgreSQL 11?

AFAIK, those are your options. Pre-v11 there was no reasonable way
to work with a server cert that requires a passphrase.

It should certainly be possible to remove the passphrase permanently from the received certificate again, no need for a new one. Well, technically the passphrase is on the key, and you remove it with something like:

openssl rsa -in current.key -out new.key

That'll ask for a passphrase for the old key, and write the new one out without.

Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/

pgsql-admin by date:

From: Tom Lane
Date: 06 December 2019, 18:22:41
Subject: Re: SSL - automatic entry of certificate passphrase in PostgreSQL 10?

From: "Vasanth Kumar Pediseti"
Date: 07 December 2019, 00:45:06
Subject: Re: SSL - automatic entry of certificate passphrase in PostgreSQL 10?

Re: SSL - automatic entry of certificate passphrase in PostgreSQL 10? - Mailing list pgsql-admin

Previous

Next