Martin Goodson <kaemaril@googlemail.com> writes: > Or am I stuck with either requesting a new certificate without the > passphrase or going to PostgreSQL 11?
AFAIK, those are your options. Pre-v11 there was no reasonable way to work with a server cert that requires a passphrase.
It should certainly be possible to remove the passphrase permanently from the received certificate again, no need for a new one. Well, technically the passphrase is on the key, and you remove it with something like:
openssl rsa -in current.key -out new.key
That'll ask for a passphrase for the old key, and write the new one out without.