PostgreSQL SSL root.crt not loading

postgresql ssl ssl-certificate public-key

Solution 1:

Permissions are OK. I have working:

-rw-r--r--  1 postgres postgres  615 2011-04-25 16:23 root.crt
-rw-------  1 postgres postgres  692 2011-04-25 17:20 server.crt
-rw-------  1 postgres postgres  887 2011-04-25 17:17 server.key

Try to put this files in data directory (/var/lib/postgresql/9.0/{clustername}), not config directory (/etc/postgresql/9.0/{clustername}).

When cluster is created there are automatically provided snakeoil server.key and server.crt in data directory, but there is no root.crt. Probably you put your certs in config directory.

To start in SSL mode, the files server.crt and server.key must exist in the server's data directory. These files should contain the server certificate and private key, respectively. If the private key is protected with a passphrase, the server will prompt for the passphrase and will not start until it has been entered.

To require the client to supply a trusted certificate, place certificates of the certificate authorities (CA) you trust in the file root.crt in the data directory.

In Ubuntu:

cat /etc/postgresql/9.0/main/postgresql.conf | grep data_dir
data_directory = '/var/lib/postgresql/9.0/main' # use data in another directory

Related

rsync error: unexplained error (code 130 ) at rsync.c(543) [sender=3.0.7]
Is there a quick way to get the very last file in a large TAR?
Postfix virtual domains: how to accept all subdomains except for two?
Disabling Language Bar on Server 2012 R2
What do you use for a RAM disk on Windows Server?
SMTP 552 4.3.1 Session size exceeds fixed maximum session size
opendkim error loading key
iptables blocking ssh tunnel
Amazon Virtual Private Cloud - Can I use a normal VPN Connection
SFTP Error - Couldn't read packet: Connection reset by peer
How does systemd put sshd processes in slices?
does netfilter-persistent reload open up the gates for half a moment?