Re: [GENERAL] SSL Certificates in Windows 7 & Postgres 9.3

Wed, 17 Dec 2014 16:12:14 -0800 

On 12/17/2014 11:38 AM, harpagornis wrote:

Some more questions if you please.  I am in Houston, and we don't have a
postgres users group.  If anyone knows of some postgres groups that have
webcasts of their meetings, let me know.  Thanks.

I am trying to figure out how to manage the SSL client certificates in a
Windows 7 environment, both in development mode and alternatively, a working
/ production environment.  Lets say I have several application databases,
and each database has one or more user ids for logging in, then I will need
to create a separate client certificate for each user id that is being used
to login.  Correct?


Yes.


Since the client certificate is always named postgresql.crt, then I will
need to place these variations of the postgresql.crt file in separate
folders.  Correct?
Well the client certificate is for a user, so it needs to be in the users home directory. 



The location that postgres looks for the server and client and root
certificates is the location specified in the environmental variable,
Search_Path.  Correct?
As far as I know there is no such env variable. In any case search_path if for schema discovery in a database. For a list of the env variables see: 

http://www.postgresql.org/docs/9.3/static/libpq-envars.html



So in a development environment, I will need to manually edit the PG_DATA
and Search_Path environmental variables and restart the postgres service
whenever I want to test connecting with a different postgresql.crt?
Well there is no search_path env variable to set and PG_DATA is PGDATA. PGDATA is for the cluster data directory and postgresql.crt is the client certificate. Not sure why you would edit PGDATA or restart Postgres? 



And, in a working / production environment, I will need to programmatically
set the PG_DATA and Search_path environmental variables and restart
postgres?    Are there other methods/ practices commonly used for these
operations?  Thank you in advance.


See above.





--
View this message in context: 
http://postgresql.nabble.com/SSL-Certificates-in-Windows-7-Postgres-9-3-tp5830749p5831182.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.





--
Adrian Klaver
adrian.kla...@aklaver.com


--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

Reply via email to