Thread: Yum Install postgresql93 with SSL

Yum Install postgresql93 with SSL

From
Kido Kouassi
Date:
Hello Admins,

I am looking to Install PostgreSQL using the Yum Install on CentOS 6 With support for SSL but is is not working.

My question is: am I doing it wrong or the only way to have SSL support is to build from source?

Here is what I did:

I used the following sequence to install

1- yum install postgresql93-server.x86_64 postgresql93-jdbc.x86_64 postgresql93.x86_64 postgresql93-contrib.x86_64 postgresql93-pltcl.x86_64 postgresql93-plpython.x86_64 postgresql93-odbc.x86_64 postgresql93-libs.x86_64

2- service postgresql-9.3 initdb

3- service postgresql-9.3 start

at the first try database started with no issue,

then I copied the Cert and keys files, to the data folder,

modified the postgresql.conf with

ssl = on      
#ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH'      
                      
#ssl_renegotiation_limit = 512MB   
ssl_cert_file = 'server.crt'     
ssl_key_file = 'server.key'  
ssl_ca_file = 'root.crt'             
#ssl_crl_file = ''

After this I change ownership of the whole data folder to postgres user and restarted the service.


1- The service did not start

2- Nothing was logged in the log file.



Thank you in advance for your help,


--Kido K                

Re: Yum Install postgresql93 with SSL

From
John Scalia
Date:
Not absolutely certain, but you may need to use an explicit path to those SSL files. Something like "/var/lib/pgsql/9.3/data/server.crt", etc...

--
Jay

On 12/15/2014 12:58 PM, Kido Kouassi wrote:
Hello Admins,

I am looking to Install PostgreSQL using the Yum Install on CentOS 6 With support for SSL but is is not working.

My question is: am I doing it wrong or the only way to have SSL support is to build from source?

Here is what I did:

I used the following sequence to install

1- yum install postgresql93-server.x86_64 postgresql93-jdbc.x86_64 postgresql93.x86_64 postgresql93-contrib.x86_64 postgresql93-pltcl.x86_64 postgresql93-plpython.x86_64 postgresql93-odbc.x86_64 postgresql93-libs.x86_64

2- service postgresql-9.3 initdb

3- service postgresql-9.3 start

at the first try database started with no issue,

then I copied the Cert and keys files, to the data folder,

modified the postgresql.conf with

ssl = on      
#ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH'      
                      
#ssl_renegotiation_limit = 512MB   
ssl_cert_file = 'server.crt'     
ssl_key_file = 'server.key'  
ssl_ca_file = 'root.crt'             
#ssl_crl_file = ''

After this I change ownership of the whole data folder to postgres user and restarted the service.


1- The service did not start

2- Nothing was logged in the log file.



Thank you in advance for your help,


--Kido K                


Re: Yum Install postgresql93 with SSL

From
Tom Lane
Date:
> On 12/15/2014 12:58 PM, Kido Kouassi wrote:
>> I used the following sequence to install
>>
>> 1- yum install postgresql93-server.x86_64 postgresql93-jdbc.x86_64 postgresql93.x86_64 postgresql93-contrib.x86_64
postgresql93-pltcl.x86_64postgresql93-plpython.x86_64  
>> postgresql93-odbc.x86_64 postgresql93-libs.x86_64
>>
>> 2- service postgresql-9.3 initdb
>>
>> 3-service postgresql-9.3 start
>>
>> at the first try database started with no issue,
>>
>> then I copied the Cert and keys files, to the data folder,
>>
>> modified the postgresql.conf with
>>
>> ssl = on
>> #ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH'
>>
>> #ssl_renegotiation_limit = 512MB
>> ssl_cert_file = 'server.crt'
>> ssl_key_file = 'server.key'
>> ssl_ca_file = 'root.crt'
>> #ssl_crl_file = ''
>>
>> After this I change ownership of the whole data folder to postgres user and restarted the service.
>>
>>
>> 1- The service did not start
>>
>> 2- Nothing was logged in the log file.

I'd bet this has nothing to do with SSL and lots to do with the "change
ownership" step.  You sure you did that right?

            regards, tom lane


Re: Yum Install postgresql93 with SSL

From
Kido Kouassi
Date:
Hello Jay,

I just just updated my postgresql.conf to use explicit paths for server.key, server.crt and root.crt, still not working.

Thank you for trying though,

-- Kido K


On Mon, Dec 15, 2014 at 1:10 PM, John Scalia <jayknowsunix@gmail.com> wrote:
Not absolutely certain, but you may need to use an explicit path to those SSL files. Something like "/var/lib/pgsql/9.3/data/server.crt", etc...

--
Jay


On 12/15/2014 12:58 PM, Kido Kouassi wrote:
Hello Admins,

I am looking to Install PostgreSQL using the Yum Install on CentOS 6 With support for SSL but is is not working.

My question is: am I doing it wrong or the only way to have SSL support is to build from source?

Here is what I did:

I used the following sequence to install

1- yum install postgresql93-server.x86_64 postgresql93-jdbc.x86_64 postgresql93.x86_64 postgresql93-contrib.x86_64 postgresql93-pltcl.x86_64 postgresql93-plpython.x86_64 postgresql93-odbc.x86_64 postgresql93-libs.x86_64

2- service postgresql-9.3 initdb

3- service postgresql-9.3 start

at the first try database started with no issue,

then I copied the Cert and keys files, to the data folder,

modified the postgresql.conf with

ssl = on      
#ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH'      
                      
#ssl_renegotiation_limit = 512MB   
ssl_cert_file = 'server.crt'     
ssl_key_file = 'server.key'  
ssl_ca_file = 'root.crt'             
#ssl_crl_file = ''

After this I change ownership of the whole data folder to postgres user and restarted the service.


1- The service did not start

2- Nothing was logged in the log file.



Thank you in advance for your help,


--Kido K                


Re: Yum Install postgresql93 with SSL

From
Kido Kouassi
Date:
hello Tom,

Thanks a bunch,

The ownership was right but I my permissions were wrong.

I had -rw-r--r--  on my cert files after I changed it to -rwx------ everything started working.

You guys are awesome,

Thanks again,

-- Kido



On Mon, Dec 15, 2014 at 1:17 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> On 12/15/2014 12:58 PM, Kido Kouassi wrote:
>> I used the following sequence to install
>>
>> 1- yum install postgresql93-server.x86_64 postgresql93-jdbc.x86_64 postgresql93.x86_64 postgresql93-contrib.x86_64 postgresql93-pltcl.x86_64 postgresql93-plpython.x86_64
>> postgresql93-odbc.x86_64 postgresql93-libs.x86_64
>>
>> 2- service postgresql-9.3 initdb
>>
>> 3-service postgresql-9.3 start
>>
>> at the first try database started with no issue,
>>
>> then I copied the Cert and keys files, to the data folder,
>>
>> modified the postgresql.conf with
>>
>> ssl = on
>> #ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH'
>>
>> #ssl_renegotiation_limit = 512MB
>> ssl_cert_file = 'server.crt'
>> ssl_key_file = 'server.key'
>> ssl_ca_file = 'root.crt'
>> #ssl_crl_file = ''
>>
>> After this I change ownership of the whole data folder to postgres user and restarted the service.
>>
>>
>> 1- The service did not start
>>
>> 2- Nothing was logged in the log file.

I'd bet this has nothing to do with SSL and lots to do with the "change
ownership" step.  You sure you did that right?

                        regards, tom lane