SSL in Postgres 9.5


postgres=# SHOW ssl;

ssl
-----
off
(1 row)

postgres=# SELECT name, setting, source FROM pg_settings WHERE name = 'ssl';
name | setting | source
------+---------+---------
ssl | off | default
(1 row)

postgres=# \q
postgres@solaris11a:~$ whoami
postgres
postgres@solaris11a:~$ openssl req -new -text -out server.req
Generating a 2048 bit RSA private key
..........+++
....................................+++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:US
State or Province Name (full name) []:Virginia
Locality Name (eg, city) []:Reston
Organization Name (eg, company) []:FAA
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:faa.gov
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
postgres@solaris11a:~$ ls -l
total 19
-rw-r--r-- 1 postgres postgres 156 Mar 6 20:55 local.cshrc
-rw-r--r-- 1 postgres postgres 97 Mar 6 20:55 local.login
-rw-r--r-- 1 postgres postgres 171 Mar 6 23:20 local.profile
-rw-r--r-- 1 postgres postgres 1834 Mar 7 08:22 privkey.pem
-rw-r--r-- 1 postgres postgres 3459 Mar 7 08:22 server.req
postgres@solaris11a:~$ openssl rsa -in privkey.pem -out server.key && rm privkey.pem
Enter pass phrase for privkey.pem:
writing RSA key
postgres@solaris11a:~$ openssl req -x509 -in server.req -text -key server.key -out server.crt
postgres@solaris11a:~$ echo $PGDATA

postgres@solaris11a:~$ cp server.key server.crt /usr/local/pgsql/data/


postgres@solaris11a:~$ ls -l /usr/local/pgsql/data/
total 134
-rw------- 1 postgres postgres 4 Mar 6 23:10 PG_VERSION
drwx------ 5 postgres postgres 5 Mar 6 23:10 base
drwx------ 2 postgres postgres 54 Mar 6 23:14 global
drwx------ 2 postgres postgres 3 Mar 6 23:10 pg_clog
drwx------ 2 postgres postgres 2 Mar 6 23:10 pg_commit_ts
drwx------ 2 postgres postgres 2 Mar 6 23:10 pg_dynshmem
-rw------- 1 postgres postgres 4468 Mar 6 23:10 pg_hba.conf
-rw------- 1 postgres postgres 1636 Mar 6 23:10 pg_ident.conf
drwx------ 4 postgres postgres 4 Mar 6 23:10 pg_logical
drwx------ 4 postgres postgres 4 Mar 6 23:10 pg_multixact
drwx------ 2 postgres postgres 3 Mar 6 23:12 pg_notify
drwx------ 2 postgres postgres 2 Mar 6 23:10 pg_replslot
drwx------ 2 postgres postgres 2 Mar 6 23:10 pg_serial
drwx------ 2 postgres postgres 2 Mar 6 23:10 pg_snapshots
drwx------ 2 postgres postgres 2 Mar 6 23:10 pg_stat
drwx------ 2 postgres postgres 5 Mar 7 08:24 pg_stat_tmp
drwx------ 2 postgres postgres 3 Mar 6 23:10 pg_subtrans
drwx------ 2 postgres postgres 2 Mar 6 23:10 pg_tblspc
drwx------ 2 postgres postgres 2 Mar 6 23:10 pg_twophase
drwx------ 3 postgres postgres 4 Mar 6 23:10 pg_xlog
-rw------- 1 postgres postgres 88 Mar 6 23:10 postgresql.auto.conf
-rw------- 1 postgres postgres 21495 Mar 6 23:10 postgresql.conf
-rw------- 1 postgres postgres 59 Mar 6 23:12 postmaster.opts
-rw------- 1 postgres postgres 79 Mar 6 23:12 postmaster.pid
-rw-r--r-- 1 postgres postgres 4346 Mar 7 08:25 server.crt
-rw-r--r-- 1 postgres postgres 1679 Mar 7 08:25 server.key

cd /usr/local/pgsql/data/
chown postgres server.key
chmod 600 server.key
ls -l
-rw-r--r-- 1 postgres postgres 4346 Mar 7 08:25 server.crt
-rw------- 1 postgres postgres 1679 Mar 7 08:25 server.key

vi postgresql.conf

ssl = on
ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL'
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'
password_encryption = on

Verify:

#authentication_timeout = 1min # 1s-600s

ssl = on # (change requires restart)
ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
# (change requires restart)
#ssl_prefer_server_ciphers = on # (change requires restart)
#ssl_ecdh_curve = 'prime256v1' # (change requires restart)
ssl_cert_file = 'server.crt' # (change requires restart)
ssl_key_file = 'server.key' # (change requires restart)
#ssl_ca_file = '' # (change requires restart)
#ssl_crl_file = '' # (change requires restart)
password_encryption = on
#db_user_namespace = off
#row_security = on

postgres@solaris11a:/usr/local/pgsql/data$ nano postgresql.conf
postgres@solaris11a:/usr/local/pgsql/data$ less postgresql.conf
postgres@solaris11a:/usr/local/pgsql/data$ pg_ctl -D /usr/local/pgsql/data -l /usr/local/pgsql/data/postmaster.log restart
waiting for server to shut down.... done
server stopped
server starting
postgres@solaris11a:/usr/local/pgsql/data$ psql
psql (9.5.22)
Type "help" for help.

postgres=# show ssl;

ssl
-----
on
(1 row)
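
SHOW ssl reporting "on" means the server accepts SSL; whether clients are required to use it is decided per record in pg_hba.conf, where only hostssl records require it. The script below is an added example, not part of the original session: it checks the three things this procedure touches (the ssl parameter, the server.key mode, and pg_hba.conf records that still admit non-SSL TCP) against constructed sample files in a temporary directory; the function names and sample records are assumptions.

```shell
#!/bin/sh
# Added example; $demo and its files are constructed sample data, not from the page.

# Effective value of a "name = value" parameter in postgresql.conf (last one wins).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*'\{0,1\}\([^'#[:space:]]*\).*/\1/p" "$1" | tail -1
}

# True only if FILE grants no access to group or other (the result of chmod 600).
key_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# pg_hba.conf records that admit unencrypted TCP: "host" matches SSL and non-SSL
# connections alike, "hostnossl" matches only non-SSL. "hostssl" requires SSL.
plaintext_hba() {
    awk '$1 == "host" || $1 == "hostnossl"' "$1"
}

# Print one line per finding for data directory $1.
audit() {
    [ "$(conf_value "$1/postgresql.conf" ssl)" = "on" ] ||
        echo "postgresql.conf: ssl is not on"
    key_private "$1/server.key" ||
        echo "server.key: readable or writable by group/other"
    plaintext_hba "$1/pg_hba.conf" | sed 's/^/pg_hba.conf: accepts non-SSL TCP: /'
}

demo=$(mktemp -d)
printf '%s\n' "#ssl_ca_file = ''" "ssl = on   # (change requires restart)" \
    > "$demo/postgresql.conf"
printf '%s\n' "# TYPE  DATABASE USER ADDRESS       METHOD" \
              "local   all      all                trust" \
              "host    all      all  127.0.0.1/32  md5" \
              "hostssl all      all  10.0.0.0/8    md5" > "$demo/pg_hba.conf"
: > "$demo/server.key"
chmod 644 "$demo/server.key"   # same mode the page's first ls -l shows for the key
audit "$demo"
```

Calling audit with /usr/local/pgsql/data as its argument runs the same checks on the data directory used above.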
