| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Martin Goodson <kaemaril(at)googlemail(dot)com>, pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: SSL - automatic entry of certificate passphrase in PostgreSQL 10? |
| Date: | 2019-12-06 15:38:18 |
| Message-ID: | CABUevEy_rSWL0Mi2QsxtLyqrthK3pWd81J9Huwj90_CX91hq2w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Fri, Dec 6, 2019 at 4:22 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Martin Goodson <kaemaril(at)googlemail(dot)com> writes:
> > Or am I stuck with either requesting a new certificate without the
> > passphrase or going to PostgreSQL 11?
>
> AFAIK, those are your options. Pre-v11 there was no reasonable way
> to work with a server cert that requires a passphrase.
>
It should certainly be possible to remove the passphrase permanently from
the received certificate again, no need for a new one. Well, technically
the passphrase is on the key, and you remove it with something like:
openssl rsa -in current.key -out new.key
That'll ask for a passphrase for the old key, and write the new one out
without.
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John Lumby | 2019-12-06 18:43:39 | Re: description of Aggregate Expressions |
| Previous Message | Tom Lane | 2019-12-06 15:22:41 | Re: SSL - automatic entry of certificate passphrase in PostgreSQL 10? |