RE: Setting up SSL for postgre

From: "Mark Williams" <markwillimas(at)gmail(dot)com>
To: "'Bear Giles'" <bgiles(at)coyotesong(dot)com>
Cc: <pgsql-admin(at)lists(dot)postgresql(dot)org>
Subject: RE: Setting up SSL for postgre
Date: 2018-08-13 19:57:10
Message-ID: 034901d4333f$d2aa7650$77ff62f0$@gmail.com
Lists: pgsql-admin

What do you mean by “change the ssl cert file and key”?

pg_hba.conf

# TYPE DATABASE USER CIDR-ADDRESS METHOD
# IPv4 local & remote connections:
host all all 127.0.0.1/32 trust
hostssl all www-data 0.0.0.0/0 md5 clientcert=1
hostssl all postgres 0.0.0.0/0 md5 clientcert=1
# IPv6 local connections:
host all all ::1/128 trust

postgresql.conf

ssl = on
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
#ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'
#ssl_dh_params_file = ''
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'
ssl_ca_file = 'root.crt'
#ssl_crl_file = ''

Thanks

__

From: Bear Giles <bgiles(at)coyotesong(dot)com>
Sent: 13 August 2018 20:01
To: Mark Williams <markwillimas(at)gmail(dot)com>
Cc: pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Re: Setting up SSL for postgre

What's in pg_hba.conf?

What's in postgresql.conf? Did you remember to change the ssl cert file and key? For authentication I think you might need to set the SSL ca file as well but I'm not sure.

On Mon, Aug 13, 2018 at 10:55 AM, Mark Williams <markwillimas(at)gmail(dot)com> wrote:

I am new to Postgre. Migrating from MySQL.

I am trying to connect via SSL to a PostgreSQL using FireDac in Delphi. I have followed the instructions at the following site: https://www.howtoforge.com/postgresql-ssl-certificates to create my self-certified certificates and configure the config files.

I have copied the specified files to the client machine and installed the root.crt certificate.

Via FireDAC's connection params I have specified the following:

Params.values['SSL_ca']:=sslCertsPath+'root.crt';
Params.values['SSL_cert']:=sslCertsPath+'postgresql.crt.';
Params.values['SSL_key']:=sslCertsPath+'postgresql.key';

I am getting a connection error re invalid client certificate.

I have used OpenSSL to verify against the root.crt and postgresql.crt and this confirms the certificate is ok.

Mark
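
Added example, not part of the original thread and not code from either poster: Python that applies pg_hba.conf first-match rules to the configuration quoted above and reports what the server will demand from a given client. The function names and the test address 203.0.113.5 are assumptions, and the database column is ignored because every rule here uses all.

```python
import ipaddress

# Constructed sample input: the active lines of the two files quoted in the message.
PG_HBA = """\
host    all all      127.0.0.1/32 trust
hostssl all www-data 0.0.0.0/0    md5 clientcert=1
hostssl all postgres 0.0.0.0/0    md5 clientcert=1
host    all all      ::1/128      trust
"""
POSTGRESQL_CONF = """\
ssl = on
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'
ssl_ca_file = 'root.crt'
#ssl_crl_file = ''
"""

def parse_conf(text):
    """Return the active key = value settings of postgresql.conf-style text."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            settings[key.strip()] = value.strip().strip("'")
    return settings

def client_requirements(hba_text, conf_text, user, addr, tls):
    """Apply pg_hba.conf first-match semantics; None means no rule matches (rejected)."""
    conf, ip = parse_conf(conf_text), ipaddress.ip_address(addr)
    for line in hba_text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) < 5 or f[0] not in ("host", "hostssl", "hostnossl"):
            continue
        kind, _db, rule_user, cidr, method = f[:5]  # database column ignored (assumption)
        opts = dict(o.split("=", 1) for o in f[5:] if "=" in o)
        net = ipaddress.ip_network(cidr)
        # hostssl rules match only TLS connections, hostnossl only plaintext ones.
        if (kind == "hostssl" and not tls) or (kind == "hostnossl" and tls):
            continue
        if rule_user not in ("all", user) or ip.version != net.version or ip not in net:
            continue
        need_cert = opts.get("clientcert") == "1"
        # The server can only check client certificates with TLS on and a CA file set.
        if need_cert and not (conf.get("ssl") == "on" and conf.get("ssl_ca_file")):
            raise ValueError("clientcert=1 needs ssl = on and ssl_ca_file")
        return {"method": method, "client_cert": need_cert,
                "verified_against": conf.get("ssl_ca_file") if need_cert else None}
    return None
```

With this configuration a remote www-data or postgres login needs both the md5 password and a client certificate that chains to root.crt, a remote connection without SSL matches no rule, and loopback connections are accepted with trust and no certificate.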
