Thread: using SSL client certs?
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 hi all, i've been successfully running pgsql812 on OSX 10.4.4 w/ SSL=ON. i've all pg_hba.conf auths set to 'hostssl'. only "server.key" & "server.crt" exist in my data dir; i.e. -- i'm using SSL for "communication security but not authentication". now, i'd like to use client certs for authentication. step 1 is, of course, add root.crt to the DATA_DIR. that's done. what now? where/how do i add the client certs? is there an appropriate docs reference? chapters 16.7/16.9 don't clarify at all ... thx! richard - -- /"\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ & micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkPPRLQACgkQlffdvTZxCMYaNACfQWf0xs3KZEzcbHLt4thCGTwM WbsAoK+6o65P5H5/T7GFyS6hdZISLhcL =ueAf -----END PGP SIGNATURE-----
OpenMacNews <openmacnews@gmail.com> writes: > what now? where/how do i add the client certs? For libpq-based clients, see the libpq docs http://www.postgresql.org/docs/8.1/static/libpq-ssl.html Dunno about other client-side libraries. regards, tom lane
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 hi tom, > For libpq-based clients, see the libpq docs > http://www.postgresql.org/docs/8.1/static/libpq-ssl.html > > Dunno about other client-side libraries. good enuf. exactly what i needed. also, is is possible to 'point' -- probably in postgresql.conf -- at other paths/filenames for the certs/keys? e.g., other than "/path/to/DATA_DIR/server.crt" etc etc? thx! richard - -- /"\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ & micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (Darwin) iEYEAREDAAYFAkPPSS8ACgkQlffdvTZxCMYEOgCeIULExm0xexnA7jD3PotwabX3 FZoAnjBNRkOg4X7k3HC8Vs0ZMk+Nn68O =D/Dx -----END PGP SIGNATURE-----