using SSL client certs?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
hi all,
i've been successfully running pgsql812 on OSX 10.4.4 w/ SSL=ON.
i've all pg_hba.conf auths set to 'hostssl'.
only "server.key" & "server.crt" exist in my data dir; i.e. -- i'm using SSL for "communication
security but not authentication".
now, i'd like to use client certs for authentication.
step 1 is, of course, add root.crt to the DATA_DIR. that's done.
what now? where/how do i add the client certs? is there an appropriate docs reference? chapters
16.7/16.9 don't clarify at all ...
thx!
richard
- --
/"\
\ / ASCII Ribbon Campaign
X against HTML email, vCards
/ \ & micro$oft attachments
[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
iEYEAREDAAYFAkPPRLQACgkQlffdvTZxCMYaNACfQWf0xs3KZEzcbHLt4thCGTwM
WbsAoK+6o65P5H5/T7GFyS6hdZISLhcL
=ueAf
-----END PGP SIGNATURE-----
OpenMacNews <openmacnews@gmail.com> writes:
what now? where/how do i add the client certs?
For libpq-based clients, see the libpq docs
http://www.postgresql.org/docs/8.1/static/libpq-ssl.html
Dunno about other client-side libraries.
regards, tom lane
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
hi tom,
For libpq-based clients, see the libpq docs
http://www.postgresql.org/docs/8.1/static/libpq-ssl.htmlDunno about other client-side libraries.
good enuf. exactly what i needed.
also, is is possible to 'point' -- probably in postgresql.conf -- at other paths/filenames for
the certs/keys? e.g., other than "/path/to/DATA_DIR/server.crt" etc etc?
thx!
richard
- --
/"\
\ / ASCII Ribbon Campaign
X against HTML email, vCards
/ \ & micro$oft attachments
[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
iEYEAREDAAYFAkPPSS8ACgkQlffdvTZxCMYEOgCeIULExm0xexnA7jD3PotwabX3
FZoAnjBNRkOg4X7k3HC8Vs0ZMk+Nn68O
=D/Dx
-----END PGP SIGNATURE-----