Обсуждение: [GENERAL] Server SSL key with passphrase

Поиск
Список
Период
Сортировка

[GENERAL] Server SSL key with passphrase

От
dhanuj hippie
Дата:
Hi,

I have a postgres-9.6 server running with SSL enabled, and I have setup the certificates as per documentation. But currently the key file is not protected by passphrase. Does postgres provide a way to use passphrase protected keys ?

Thanks
Dhanuj

Re: [GENERAL] Server SSL key with passphrase

От
Berend Tober
Дата:
dhanuj hippie wrote:
>
> I have a postgres-9.6 server running with SSL enabled, and I have setup the certificates as per
> documentation. But currently the key file is not protected by passphrase. Does postgres provide a
> way to use passphrase protected keys ?


If by "per documentation" you refer to "18.9.3. Creating a Self-signed Certificate", that process
creates password protected key initially, and then there is a specific step in that process for
removing the password. If you omit that password removal step, then you would have a password
protected key. Note, though, as the documentation further points out, someone will have to be
standing by at the key board whenever the server is started so as to be able to respond to the
password prompt. You may indeed want that, but it is not recommended practice.


-- B