Re: PostgreSQL 9.3.5 - Enable SSL

On Fri, Feb 19, 2016 at 5:28 PM, <shyamkant(dot)dhamke(at)wipro(dot)com> wrote:

> Hello All,
>
> I need help on following.
>
> Current Setup -
> We have PostgreSQL 9.3.5 running on RedHAT Linux 6 without SSL enabled &
> have database of size 150 GB & we have C & .Net application connecting to
> the database.
>
> Changes required in current Setup
> We need to enable SSL on PGSQL 9.3.5 . Please let me know the steps to be
> performed so that I can enable SSL & use existing database.
>

You need to have OpenSSL software installed on the database server. If not
you can use yum install to install openssl software or can download the
appropriate openssl version from the below link -

https://www.openssl.org/

PostgreSQL needs to be compiled with "--with-openssl" option. Following
link has the required information to generate certificate and key files
post which you need to configure ssl* parameters in postgresql.conf file -

http://www.postgresql.org/docs/9.3/static/ssl-tcp.html

> Also what is required for applications (C & .net) to connect to database.
>

"hostssl" entry needs to be made in the pg_hba.conf file for the
application servers intending connect to PostgreSQL cluster in SSL mode. I
believe you must be using npgsql driver to connect to PostgreSQL, you need
to configure npgsql driver to send ssl mode connections to postgresql. By
default SSL mode is "off" for npgsql driver. Please refer to the below
link.

http://www.npgsql.org/doc/security.html

Regards,
Venkata B N

Fujitsu Australia