| From: | Paul Jungwirth <pj(at)illuminatedcomputing(dot)com> |
|---|---|
| To: | pgsql <pgsql-general(at)postgresql(dot)org> |
| Subject: | Refresh Postgres SSL certs? |
| Date: | 2014-04-09 19:28:14 |
| Message-ID: | CA+6hpa=XK7D9D_BAo3TvV8+tf_sWeJGENObZUu_Po2iqUFwKoQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hello,
In light of the "Heartbleed" OpenSSL bug[0,1], I'm wondering if I need
to regenerate the SSL certs on my postgres installations[2] (at least
the ones listening on more than localhost)? On Ubuntu it looks like
there are symlinks at /var/lib/postgresql/9.1/main/server.{crt,key}
pointing to /etc/ssl/private/ssl-cert-snakeoil.{pem,key}. Is there any
documentation on how to regenerate these? Are they self-signed? Can I
replace them with my own self-signed certs, like I'd do with Apache or
Nginx?
Thanks!
Paul
[0] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160
[1] http://heartbleed.com/
[2] http://www.postgresql.org/docs/9.1/static/ssl-tcp.html
--
_________________________________
Pulchritudo splendor veritatis.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martijn van Oosterhout | 2014-04-09 19:35:51 | Re: Refresh Postgres SSL certs? |
| Previous Message | Ovnicraft | 2014-04-09 17:30:53 | Re: openssl heartbleed |