Encrypted PostgreSQL Connections

To encrypt communication between the client and server, first edit postgresql.conf and turn on SSL:

ssl = on # (change requires restart)

Next, require SSL connections by using the hostssl connection type in pg_hba.conf. For example:


hostssl all all 10.10.0.0/16 md5

Finally, add the following files to the server’s data directory (something like /var/lib/postgresql/8.4/data):

  1. root.crt – the CA certificate
  2. server.crt – the server certificate
  3. server.key – the server key

If the server’s key is protected by a passphrase, the service will need to be started manually so that the passphrase can be entered. Alternatively, the passphrase can be removed with the following:

openssl rsa < server.key > server.key.nopw

Don’t forget to rename the resulting file as necessary, since the server expects the key to be named server.key.
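
The steps above can be checked in one pass. The script below is an added example, not part of the original post: the function name audit_pg_ssl, the FAIL/WARN output format and the strict owner-only rule for server.key are assumptions made for illustration. It also flags any plain host or hostnossl rule in pg_hba.conf, because those rule types still accept unencrypted connections even when a hostssl rule is present.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a PostgreSQL data
# directory against the steps above; returns 1 if any FAIL is printed.
audit_pg_ssl() (
    dir=$1; rc=0
    fail() { echo "FAIL $*"; rc=1; }

    # ssl must be switched on by an uncommented postgresql.conf line.
    if ! grep -Eqi "^[[:space:]]*ssl[[:space:]]*=?[[:space:]]*'?(on|true|yes|1)" \
            "$dir/postgresql.conf" 2>/dev/null; then
        fail "ssl is not enabled in postgresql.conf"
    fi

    # "host" rules match SSL and non-SSL clients alike, and "hostnossl"
    # matches only non-SSL ones, so either type still admits cleartext.
    if [ -r "$dir/pg_hba.conf" ]; then
        hba=$(grep -En '^[[:space:]]*host(nossl)?[[:space:]]' "$dir/pg_hba.conf" || true)
        if [ -n "$hba" ]; then
            fail "pg_hba.conf rules that accept non-SSL connections:"
            echo "$hba" | sed 's/^/     line /'
        fi
    else
        fail "pg_hba.conf is not readable"
    fi

    for f in root.crt server.crt server.key; do
        if [ ! -f "$dir/$f" ]; then fail "$f is missing from $dir"; fi
    done

    key=$dir/server.key
    if [ -f "$key" ]; then
        # Assumed policy: owner-only access to the key (chmod 0600).
        if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            fail "server.key is group/world accessible"
        fi
        # A passphrase-protected PEM key carries an ENCRYPTED marker.
        if grep -q 'ENCRYPTED' "$key"; then
            echo "WARN server.key is passphrase-protected; start-up is manual"
        fi
    fi
    exit "$rc"
)

# Usage: sh audit_pg_ssl.sh /var/lib/postgresql/8.4/data
if [ "$#" -gt 0 ]; then audit_pg_ssl "$1"; fi
```

A clean run prints nothing and exits 0, so the script can gate a deployment step.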

Resources

http://developer.postgresql.org/pgdocs/postgres/ssl-tcp.html
