Re: using SSL in psql

Willy-Bas Loos wrote:
> Hi,
>
> How, using psql, can i connect to a PostgreSQL server that has
> "sslhost" in the pg_hba.conf file?
> I can't find the SSL option in the manpage.
>
> thx,
>
> WBL
Make sure both your server and client have ssl support compiled in. I'm
not sure if that's there by default with the provided binaries, but if
you compiled your own, you specified --with-openssl. Checking pg_config
will be helpful here.

Make sure your server is really configured to provide SSL support.
ssl=on in the postgresql.conf, and be sure to have at least server.key
and server.crt (and optionally your root.crt and root.crl).

Make sure to ask for an ssl connection, especially if you have both ssl
and non-ssl options in the pg_hba.conf. Use the environment variable
PGSSLMODE=require to force the issue and test with psql.

If successful, you will see a line similar to this above the ready prompt:

[Usual welcome banner snipped]
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

yourdb=>

Alternatively, the only programmatic way to tell that I know if is the
pgsslinfo contrib module, where you can install the function
ssl_is_used() in your db.

Manual re: server setup for SSL:
http://www.postgresql.org/docs/8.3/interactive/ssl-tcp.html

Useful environment variables for the client:
http://www.postgresql.org/docs/current/static/libpq-envars.html

Regards,
Paul