Обсуждение: PostgreSQL + SSL

Поиск
Список
Период
Сортировка

PostgreSQL + SSL

От
"Pedro Igor Craveiro e Silva"
Дата:
I´m trying to config PG with SSL, but i got a error. I create the key and the certificate and put both in $PGDATA directory.
I also enabled the ssl option in postgresql.conf.
But when i run postmaster i got a error saying that server.key has wrong permissions.
 
Thanks,
 
Pedro Igor

Re: PostgreSQL + SSL

От
Bhuvan A
Дата:
> I´m trying to config PG with SSL, but i got a error. I create the key
> and the certificate and put both in $PGDATA directory. I also enabled
> the ssl option in postgresql.conf. But when i run postmaster i got a
> error saying that server.key has wrong permissions.

It reports the error in either of the below cases:

1. If the file permission is not -r--r--r--.
2. If the certificate and the private key are invalid.  

The clear advice is available in the documentation itself. Try out
http://developer.postgresql.org/docs/postgres/ssl-tcp.html for details.

regards,
bhuvaneswaran

Re: PostgreSQL + SSL

От
Bruce Momjian
Дата:
Actually, the new 7.3.1 error message is:
       if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0077) ||           buf.st_uid != getuid())       {
postmaster_error("badpermissions on private key file (%s)\n"
 
"File must be owned by the proper user and must have no permissions for\n"
"\"group\" or \"other\".", fnbuf);           ExitPostmaster(1);       }


so that should be clearer for people when it fails.  7.3 had similar
restrictions, but reported the failure more concisely.

---------------------------------------------------------------------------

Bhuvan A wrote:
> 
> > I?m trying to config PG with SSL, but i got a error. I create the key
> > and the certificate and put both in $PGDATA directory. I also enabled
> > the ssl option in postgresql.conf. But when i run postmaster i got a
> > error saying that server.key has wrong permissions.
> 
> It reports the error in either of the below cases:
> 
> 1. If the file permission is not -r--r--r--.
> 2. If the certificate and the private key are invalid.  
> 
> The clear advice is available in the documentation itself. Try out
> http://developer.postgresql.org/docs/postgres/ssl-tcp.html for details.
> 
> regards,
> bhuvaneswaran
> 
> 
> 
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
>     (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
> 

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073