Re: Log the incoming old SSL certs by pid or any way

From: Christoph Moench-Tegeder <cmt(at)burggraben(dot)net>
To: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Log the incoming old SSL certs by pid or any way
Date: 2020-06-25 10:24:07
Message-ID: 20200625102407.GA20342@elch.exwg.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

## Durumdara (durumdara(at)gmail(dot)com):

> Do we have chance to log somewhere the connected client's certificate, or
> some info about it?

There's pg_stat_ssl, and if you had an recent version of PostgreSQL
(9.6 is too old for that), you'd even have the serial number of
the certificate in there:
https://www.postgresql.org/docs/12/monitoring-stats.html#PG-STAT-SSL-VIEW

On the other hand, you could check the certificates directly,
e.g. https://github.com/matteocorti/check_ssl_cert or even
just some scripting around openssl. (That assumes that you know
where those client certificates are).

Regards,
Christoph

--
Spare Space

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Bhalodiya, Chirag 2020-06-25 10:50:06 Re: PostGreSQL TDE encryption patch
Previous Message Patrick FICHE 2020-06-25 10:03:22 RE: PostGreSQL TDE encryption patch