I am testing SSL connection with Postgresql. Can anyone help me in giving me the steps for this kind of testing. I need to test both on Windows as well as Centos.
Asked
Active
Viewed 1,500 times
0
-
Can you share what you've done so far? Are you just struggling to pass the certificates / key in the connection string? – Jim Jones May 02 '18 at 05:57
-
Well I a very new in SSL testing and I need to understand how to proceed with testing like certificate generation, putting at client directory etc. So can you help me in giving the steps or giving me any docs. to refer – ashish chauhan May 02 '18 at 06:11
-
1a few links to get started: https://www.postgresql.org/docs/10/static/ssl-tcp.html and https://stackoverflow.com/questions/14021998/using-psql-to-connect-to-postgresql-in-ssl-mode – Jim Jones May 02 '18 at 06:13
-
Hi I have created the server.cert, server.key and root.cert and put it in the /data directory in windows. Also, i have put the same files in the C:\Users\xxxxx\AppData\Roaming\postgresql files.As of now i am doing only one way ssl testing . Now i am getting the error as :Error - SSL error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target – ashish chauhan May 03 '18 at 06:36
-
does postgres have access to these files? It might be a permission issue - I haven't worked with Windows for the last 15 years, so I cannot tell you exactly where to change it. – Jim Jones May 03 '18 at 06:45
-
Do i need to make any changes in pg_hba.conf files. I think this change should be same for wndows and other platform? – ashish chauhan May 03 '18 at 06:56
-
Here is an example of how it should look like in your `pg_hba`: `hostssl postgres pgagent 128.176.112.88 255.255.255.255 md5 clientcert=1` and here a connection string: `psql "host=dbserver port=5432 dbname=disco2 user=jones sslmode=verify-full sslkey=/home/user/.postgresql/postgresql.key sslcert=/home/user/.postgresql/postgresql.crt sslrootcert=/home/user/.postgresql/root.crt"` – Jim Jones May 03 '18 at 07:41
-
Hi, thanks one way ssl is working for me. I have created the client cert and client key now. for 2 way ssl, do i need to change anything on my pg_hba file , as its giving error on connection as :PKIX path building failed – ashish chauhan May 08 '18 at 06:40