Thread: ssl with pem password

ssl with pem password

From: "Luca Stancapiano"
Hi... I'm trying to use PostgreSQL in SSL mode and I would like to use a
private key that uses a PEM password.  When I launch postgres as the
postgres user, with my server.key and server.crt in my home, in this way:

echo password | /usr/bin/postmaster -il -p '5432' -D '/home/data'

I see this message:

Enter PEM pass phrase


but I would like something more automatic, without that password request.
Is it possible?

Re: ssl with pem password

From: Tom Lane
"Luca Stancapiano" <l.stancapiano@k-tech.it> writes:
> Hi... I'm trying to use PostgreSQL in SSL mode and I would like to use a
> private key that uses a PEM password.  When I launch postgres as the
> postgres user, with my server.key and server.crt in my home, in this way:

> echo password | /usr/bin/postmaster -il -p '5432' -D '/home/data'

> I see this message:

> Enter PEM pass phrase

> but I would like something more automatic, without that password request.
> Is it possible?

If you want the server to launch without a password, you have to alter
the server key file to remove its password.  See the documentation.

The above is hardly a more-secure approach, since anyone who can look at
the script (or happen to see the "echo" executing in ps) can find out
the password.  You might as well rely on file permissions to prevent
people from getting at the password-less key file.

            regards, tom lane
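
Added example, not part of the reply above and not PostgreSQL's own code: one way to do what the reply describes with the openssl CLI, removing the passphrase from the server key and relying on file permissions. File names and the passphrase are constructed; the passphrase is read from a file so it never shows up in ps.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and the passphrase are constructed.

# strip_key_passphrase IN OUT PASSFILE
# Writes an unencrypted copy of IN to OUT. The passphrase is read from
# PASSFILE via "-passin file:", so it never appears in argv (and thus in ps).
strip_key_passphrase() {
    old_umask=$(umask)
    umask 077                    # OUT is owner-only from the moment it exists
    rc=0
    openssl pkey -in "$1" -passin "file:$3" -out "$2" 2>/dev/null || rc=$?
    umask "$old_umask"
    if [ "$rc" -ne 0 ]; then rm -f "$2"; return 1; fi
    chmod 600 "$2"
}

# key_ready_for_unattended_start KEYFILE
# Succeeds only if KEYFILE is an unencrypted, parseable private key with no
# group/other permission bits.
key_ready_for_unattended_start() {
    # Both PEM encryption styles carry the word ENCRYPTED in their headers.
    if grep -q 'ENCRYPTED' "$1"; then return 1; fi
    # "-passin pass:" keeps openssl from ever prompting.
    openssl pkey -in "$1" -passin pass: -noout 2>/dev/null || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo on a throwaway key; returns 0 if the stripped key passes the check.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'constructed-passphrase' > "$d/pass.txt"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass "file:$d/pass.txt" -out "$d/enc.key" 2>/dev/null
    strip_key_passphrase "$d/enc.key" "$d/server.key" "$d/pass.txt" &&
        key_ready_for_unattended_start "$d/server.key"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
```
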

Re: ssl with pem password

From: "Luca Stancapiano"
> "Luca Stancapiano" <l.stancapiano@k-tech.it> writes:
>> Hi... I'm trying to use PostgreSQL in SSL mode and I would like to use a
>> private key that uses a PEM password.  When I launch postgres as the
>> postgres user, with my server.key and server.crt in my home, in this way:
>
>> echo password | /usr/bin/postmaster -il -p '5432' -D '/home/data'
>
>> I see this message:
>
>> Enter PEM pass phrase
>
>> but I would like something more automatic, without that password request.
>> Is it possible?
>
> If you want the server to launch without a password, you have to alter
> the server key file to remove its password.  See the documentation.
>
> The above is hardly a more-secure approach, since anyone who can look at
> the script (or happen to see the "echo" executing in ps) can find out
> the password.  You might as well rely on file permissions to prevent
> people from getting at the password-less key file.
>
>             regards, tom lane

Sorry, but I would really like to use the key with a password because I use
a gpg system that hides the real password... Is it possible with postgres to
use something like this?

echo crypted_password | /usr/bin/postmaster -il -p '5432' -D '/home/data'