Hi all,
I searched a lot to find if some one has written about this but could not find any successful attempt, hence thought of posting it here.
setting the sslmode='require' in the 'primary_conninfo' parameter in the recovery.conf file on standby server would make the standby server make an SSL connection with the master server for streaming replication.
If we want to authenticate the master server before we fetch data from it, then copy the CA certificate from the postgres server on master to $PG_DATA/.postgresql directory as 'root.crt' and set the above mentioned parameter to sslmode='verify-ca'.
complete string:
primary_conninfo='host=master port=5432 sslmode=require' or
primary_conninfo='host=master port=5432 sslmode=verify-ca'
However, I'm not sure how to confirm if the standby server is really making the connection to master and fetching the XLOG contents over SSL. I tried intercepting the traffic using wireshark but could not find any hint to that effect; all it says is that the traffic is over tcp.
Can someone suggest any way to confirm that this setting would really make streaming replication work of SSL?
Thanks and Regards,
Samba