Hi, > I’m new as can be with creating SSL certificates on my own. I downloaded > the openssl binary and installed it. The instructions and tutorials on > the website don’t help me much in terms of steps A,B,C; this could also be > due to a lack of familiarity with technical terms used for each part of > this. The only thing I did accomplish is the following > > > > openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout > privateKey.key > > > > I now have a privateKey and CSR file in the openssl/bin folder. Beyond > this I do not know what goes where. I’m on Windows 2003 (server) and > Windows XP (client). I know what to change in the PostgreSQL config but > do not know if PostgreSQL implicitly knows that a certificate exists, and > what the client box should have.
you probably want to check the postgreSQL documentation for where and how to use the certs - as this is not specific to OpenSSL. anyway, in general terms...you now have a private key - good, the PSQL server would have that.... you need to get your CSR signed by a CA that the client knows..... you then would configure PSQL to use the public version of the signed CSR - usually a DER or PEM file by that point. at this point, its just like a client talking to an SSL'd web server (or any other service). client connects, gets given the cert...which it trusts (because of CA) and then SLS tunnel gets made. data is transferred over that tunnel. alan ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
