The private keys needs to be readable by the same user the server runs under. This is distribution-dependent and may not be 'root'. In my case I run Red Hat which uses the 'postgres' user, so:
chown postgres.postgres /var/lib/pgsql/data/server.* On Sun, Oct 10, 2010 at 2:52 PM, Mike Christensen <m...@kitchenpc.com>wrote: > Hi, I'm trying to require SSL for Postgres connections from certain > IPs.. This is on Postgres 9.0. > > First, I've followed the directions at: > > http://www.postgresql.org/docs/9.0/static/ssl-tcp.html > > I've created the files server.crt and server.key. I've also removed > the passphrase from the key so Postgres can start automatically. > Finally, I ran: > > chmod 0600 server.key > > The permissions on server.key are now: > > -rw------- 1 root root 887 Oct 10 03:42 server.key > > However, when I set ssl = on in postgresql.conf and start the server, > I get the logged error: > > 2010-10-10 03:47:07 UTC FATAL: could not load private key file > "server.key": Permission denied > > I'm logged on as root. Any ideas? Thanks! > > Mike > > -- > Sent via pgsql-general mailing list (pgsql-general@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-general > -- ------------------------------------------------------------------------------------------------------------------------------------------------------- "Because it that the times revive as time is fresh somehow, and it to feel wins why, and, as for it, all forget an old thing" - Japanese saying
