[Camps-users] Pg with SSL

Brian J. Miller brian at endpoint.com
Tue May 19 21:10:34 UTC 2009


I need to set up remote access to camp Pg DBs with SSL enabled. I can get
the pg_hba.conf correct based on tokenized config files, and I can
presumably do the same with the postgresql.conf to enable SSL itself.
However I seemingly need to generate a server.key/server.crt pair during
Pg initialization. I tried using the config file approach for this as
well, but the files must be read only to the user/owner of the data
directory which currently isn't possible because they have to have group
read permissions to live in ~camp. Additionally I have a camp.key file
in ~camp/<type>/etc but I don't know of a way to specify it in the Pg
configuration. Anyone else know of one?

I can get to the desired configuration using:

openssl genrsa -out /home/<user>/campXX/pgsql/data/server.key 4096
openssl req -new -x509 -days 3650 -key \
/home/<user>/campXX/pgsql/data/server.key -out \
/home/<user>/campXX/pgsql/data/server.crt

Similar to how we used to generate Apache SSL certs. Is the best
approach to patch Camp/Master.pm to do this (optionally with a config
flag) or is there a better approach?

-- 
Brian J. Miller
End Point Corp.
brian at endpoint.com
W: 704-376-8292
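
Added example, not part of the original message or of the Camps code: a non-interactive form of the two openssl commands above that creates the pair inside the data directory with an owner-only key, plus a check of the key mode and that the key belongs to the certificate. The function names and the certificate CN are assumptions; PostgreSQL refuses to start with SSL if server.key is group or world readable.

```shell
#!/bin/sh
# Added example: create the server.key/server.crt pair for a camp's Pg data
# directory. Function names and the certificate CN are assumptions.

# make_pg_ssl_pair DATA_DIR COMMON_NAME [BITS]
make_pg_ssl_pair() {
    data_dir=$1; cn=$2; bits=${3:-4096}
    [ -d "$data_dir" ] || { echo "no such directory: $data_dir" >&2; return 1; }
    # Never silently replace an existing key or certificate.
    if [ -e "$data_dir/server.key" ] || [ -e "$data_dir/server.crt" ]; then
        echo "server.key or server.crt already exists in $data_dir" >&2
        return 2
    fi
    (
        # umask 077 keeps the key owner-only from the moment it is created;
        # -subj supplies the subject so openssl req asks no questions.
        umask 077
        openssl genrsa -out "$data_dir/server.key" "$bits" 2>/dev/null &&
        openssl req -new -x509 -days 3650 -subj "/CN=$cn" \
            -key "$data_dir/server.key" -out "$data_dir/server.crt" 2>/dev/null
    ) || return 3
    chmod 600 "$data_dir/server.key"
    chmod 644 "$data_dir/server.crt"   # the certificate is public
}

# check_pg_ssl_pair DATA_DIR
# Succeeds only if the key is owner-only and belongs to the certificate.
check_pg_ssl_pair() {
    key=$1/server.key; crt=$1/server.crt
    # GNU stat first, BSD stat as fallback.
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key" 2>/dev/null) || return 1
    case $mode in
        600|400) ;;
        *) echo "server.key has mode $mode, expected 600" >&2; return 1 ;;
    esac
    # An RSA key and certificate match when their moduli are identical.
    k=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

Run both functions as the owner of the data directory, passing the camp's pgsql/data path as DATA_DIR.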

