Re: PostgreSQL 9.3.5 - Enable SSL

On Mon, Feb 22, 2016 at 3:48 AM, <shyamkant(dot)dhamke(at)wipro(dot)com> wrote:

> Please let me know if I have existing non-ssl setup how I can migrate it
> to SSL enabled setup?
>

Still you need to install postgresql with --with-openssl option on the
existing postgresql binaries and restart the postgresql instance post
installation.

> Also let me know in case streaming replication is on with non-SSL , do I
> need to follow same steps to enable SSL for replication server?
>

Replication has nothing to do with SSL as you want to enable SSL encryption
to application connections. The process remains the same for slave server
as well.

Regards,
Venkata B N

Fujitsu Australia

*Sent:* 21 February, 2016 3:29 PM

> *To:* Shyamkant Dhamke (BAS) <shyamkant(dot)dhamke(at)wipro(dot)com>
> *Cc:* scott(dot)marlowe(at)gmail(dot)com; drum(dot)lucas(at)gmail(dot)com; pgsql-admin <
> pgsql-admin(at)postgresql(dot)org>
> *Subject:* Re: [ADMIN] PostgreSQL 9.3.5 - Enable SSL
>
>
>
>
>
> On Fri, Feb 19, 2016 at 5:28 PM, <shyamkant(dot)dhamke(at)wipro(dot)com> wrote:
>
> Hello All,
>
> I need help on following.
>
> Current Setup -
> We have PostgreSQL 9.3.5 running on RedHAT Linux 6 without SSL enabled &
> have database of size 150 GB & we have C & .Net application connecting to
> the database.
>
> Changes required in current Setup
> We need to enable SSL on PGSQL 9.3.5 . Please let me know the steps to be
> performed so that I can enable SSL & use existing database.
>
>
>
> You need to have OpenSSL software installed on the database server. If not
> you can use yum install to install openssl software or can download the
> appropriate openssl version from the below link -
>
>
>
> https://www.openssl.org/
>
>
>
> PostgreSQL needs to be compiled with "--with-openssl" option. Following
> link has the required information to generate certificate and key files
> post which you need to configure ssl* parameters in postgresql.conf file -
>
>
>
> http://www.postgresql.org/docs/9.3/static/ssl-tcp.html
>
>
>
> Also what is required for applications (C & .net) to connect to database.
>
>
>
> "hostssl" entry needs to be made in the pg_hba.conf file for the
> application servers intending connect to PostgreSQL cluster in SSL mode. I
> believe you must be using npgsql driver to connect to PostgreSQL, you need
> to configure npgsql driver to send ssl mode connections to postgresql. By
> default SSL mode is "off" for npgsql driver. Please refer to the below
> link.
>
>
>
> http://www.npgsql.org/doc/security.html
>
>
>
>
>
> Regards,
>
> Venkata B N
>
>
>
> Fujitsu Australia
> The information contained in this electronic message and any attachments
> to this message are intended for the exclusive use of the addressee(s) and
> may contain proprietary, confidential or privileged information. If you are
> not the intended recipient, you should not disseminate, distribute or copy
> this e-mail. Please notify the sender immediately and destroy all copies of
> this message and any attachments. WARNING: Computer viruses can be
> transmitted via email. The recipient should check this email and any
> attachments for the presence of viruses. The company accepts no liability
> for any damage caused by any virus transmitted by this email.
> www.wipro.com
>