Home > mailing lists

Re: Any advantage of using SSL with a certificate of authority? - Mailing list pgsql-general

From	Vick Khera
Subject	Re: Any advantage of using SSL with a certificate of authority?
Date	November 26, 2013 22:19:06
Msg-id	CALd+dcfTdCBJiqHu=t8zzswkPW6SiGntaD=8rou3JT88dQimfg@mail.gmail.com Whole thread Raw
In response to	Re: Any advantage of using SSL with a certificate of authority? (Bruce Momjian <bruce@momjian.us>)
Responses	Re: Any advantage of using SSL with a certificate of authority?
List	pgsql-general

Tree view

On Tue, Nov 26, 2013 at 1:31 PM, Bruce Momjian <bruce@momjian.us> wrote:

Well, by using a CA you are giving the CA rights to the key, while you
fully control a self signed key. Since you probably don't expect
unknown individuals to be connecting to your database, and self signed
key is recommended.

You never give the key to them, just a signing request based on the key. You lose no control over anything. They will in general insist your key be at least 2048 bits.

The only advantage of having a CA key is if the client does authentication of the server, and you have no prior arrangement with the client to accept a certificate from your signing authority.

Using self-signed certs you can give them longevity of 10+ years, so never have to worry about them again :)

pgsql-general by date:

From: Alvaro Herrera
Date: 26 November 2013, 22:18:29
Subject: Re: AccessShareLock and Resource Contention

From: Andrew Sullivan
Date: 26 November 2013, 22:35:02
Subject: Re: Any advantage of using SSL with a certificate of authority?

Re: Any advantage of using SSL with a certificate of authority? - Mailing list pgsql-general

Previous

Next