Re: PostgreSQL 9.3.5 - Enable SSL - Mailing list pgsql-admin

From Venkata Balaji N
Subject Re: PostgreSQL 9.3.5 - Enable SSL
Date
Msg-id CAEyp7J8_yALC2VMZSWmB=QH6JoFJzHif7t0zcvhhuO7FKUGqLA@mail.gmail.com
Whole thread Raw
In response to PostgreSQL 9.3.5 - Enable SSL  (<shyamkant.dhamke@wipro.com>)
List pgsql-admin

On Mon, Feb 22, 2016 at 3:48 AM, <shyamkant.dhamke@wipro.com> wrote:
 

Please let me know if I have existing non-ssl setup how I can migrate it to SSL enabled setup?


Still you need to install postgresql with --with-openssl option on the existing postgresql binaries and restart the postgresql instance post installation.
 

 Also let me know in case streaming replication is on with non-SSL , do I need to follow same steps to enable SSL for replication server?


Replication has nothing to do with SSL as you want to enable SSL encryption to application connections. The process remains the same for slave server as well.

Regards,
Venkata B N

Fujitsu Australia

Sent:
21 February, 2016 3:29 PM

To: Shyamkant Dhamke (BAS) <shyamkant.dhamke@wipro.com>
Cc: scott.marlowe@gmail.com; drum.lucas@gmail.com; pgsql-admin <pgsql-admin@postgresql.org>
Subject: Re: [ADMIN] PostgreSQL 9.3.5 - Enable SSL

 

 

On Fri, Feb 19, 2016 at 5:28 PM, <shyamkant.dhamke@wipro.com> wrote:

Hello All,

I need help on following.

Current Setup -
We have PostgreSQL 9.3.5 running on RedHAT Linux 6 without SSL enabled & have database of size 150 GB & we have C & .Net application connecting to the database.

Changes required in current Setup
We need to enable SSL on PGSQL 9.3.5 . Please let me know the steps to be performed so that I can enable SSL & use existing database.

 

You need to have OpenSSL software installed on the database server. If not you can use yum install to install openssl software or can download the appropriate openssl version from the below link -

 

 

PostgreSQL needs to be compiled with "--with-openssl" option. Following link has the required information to generate certificate and key files post which you need to configure ssl* parameters in postgresql.conf file -

 

  

Also what is required for applications (C & .net) to connect to database.

 

"hostssl" entry needs to be made in the pg_hba.conf file for the application servers intending connect to PostgreSQL cluster in SSL mode. I believe you must be using npgsql driver to connect to PostgreSQL, you need to configure npgsql driver to send ssl mode connections to postgresql. By default SSL mode is "off" for npgsql driver. Please refer to the below link. 

 

 

 

Regards,

Venkata B N

 

Fujitsu Australia

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com

pgsql-admin by date:

Previous
From: Scott Marlowe
Date:
Subject: Re: [TIPS] Tuning PostgreSQL 9.2
Next
From: "drum.lucas@gmail.com"
Date:
Subject: Re: [TIPS] Tuning PostgreSQL 9.2