Hello,
I have one query regarding client/server authentication using certificates in Postgres.
I am able to establish a client/server connection with certificates created using OpenSSL.
We can create server and root certificates using OpenSSL and keep them in the data directory.
We need to update fields in postgresql.conf (for example ssl = ON, ssl_cert_file = "Server.crt", ssl_key_file = "Server.key"); also, for the client we need to create a certificate and key and update them in the user directory.
My query is: instead of using a physical certificate from a particular directory, can we use a certificate from the Windows certificate store for both server and client? The server would refer to the installed certificate in the server's Windows certificate store, and the client would use the client's Windows certificate store.
Please let me know if we can use such a thing. If yes, please share some references.
Thanks and Regards,
Ashok
Hello Julien,
I need some more help regarding replication, where the primary server can switch to the standby server role and the standby server can switch to the primary server role.
In our case we maintain two servers, Server1 and Server2. Server1 will be active and Server2 will be passive.
In case Server1 crashes, Server2 will become active; as a result it starts the Keyclock instance, and Keyclock will connect to the standby Postgres server.
As per the current replication steps, we found that the standby server will always be in read-only mode. We want to switch it to r/w mode and the primary to read-only mode.
Or it is even OK if both primary and standby are always in read-write mode, but both should replicate data.
I searched so many options on the internet but did not find the exact one. Will you please propose some good solutions?
Proper steps would be appreciated.
I don't know what KeyClock is, but I'm assuming that what you're looking for is a High Availability solution, not how to set up replication, as Postgres itself only provides a way to perform specific actions (promote a standby to primary, build a new standby...) and third-party tools add the necessary logic for something more fancy. For a general overview or how to perform a failover you can look at the documentation at
https://www.postgresql.org/docs/current/high-availability.html. If you're looking for a HA solution, I would recommend looking into Patroni:
https://patroni.readthedocs.io/en/latest/