| From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
|---|---|
| To: | Paul Jungwirth <pj(at)illuminatedcomputing(dot)com> |
| Cc: | pgsql <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Refresh Postgres SSL certs? |
| Date: | 2014-04-09 19:35:51 |
| Message-ID: | 20140409193551.GA7062@svana.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, Apr 09, 2014 at 12:28:14PM -0700, Paul Jungwirth wrote:
> Hello,
>
> In light of the "Heartbleed" OpenSSL bug[0,1], I'm wondering if I need
> to regenerate the SSL certs on my postgres installations[2] (at least
> the ones listening on more than localhost)? On Ubuntu it looks like
> there are symlinks at /var/lib/postgresql/9.1/main/server.{crt,key}
> pointing to /etc/ssl/private/ssl-cert-snakeoil.{pem,key}. Is there any
> documentation on how to regenerate these? Are they self-signed? Can I
> replace them with my own self-signed certs, like I'd do with Apache or
> Nginx?
Have you read the Debian README?
/usr/share/doc/postgresql-*/README.Debian.gz
It talks about how the certificates are made. It uses the ssl-cert
package to make them, there's more docs there.
Yes, you can make your own self-signed certs and use them.
Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> He who writes carelessly confesses thereby at the very outset that he does
> not attach much importance to his own thoughts.
-- Arthur Schopenhauer
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Paul Jungwirth | 2014-04-09 19:59:53 | Re: Refresh Postgres SSL certs? |
| Previous Message | Paul Jungwirth | 2014-04-09 19:28:14 | Refresh Postgres SSL certs? |