On Sun, Dec 05, 2004 at 04:12:38PM +0000, Andrew M wrote: > I am running postgreSQL and just wanted to know how I confirm that SSL > is fully functional? I have placed server.key, server.crt and root.crt > in the data folder and am able to launch postgreSQL with no problems. I > m launching postgreSQl with the following command: > > /usr/local/pgsql/bin/postmaster -i -D /usr/local/pgsql/data
You can omit the -i if you have "tcpip_socket = true" (or set listen_address if you're using 8.0) in postgresql.conf > Is that sufficient to start SSL, how can I check? You should have "ssl = true" in postgresql.conf (restart the backend after making a change). When you make an SSL connection with psql, psql should print a message like the following: SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256) Make sure you're using a TCP connection instead of a local (Unix-domain) connection. You can use psql's -h option or the PGHOST environment variable to force a TCP connection (e.g., psql -h localhost). See also the hostssl and hostnossl connection types in pg_hba.conf. -- Michael Fuhr http://www.fuhr.org/~mfuhr/ ---------------------------(end of broadcast)--------------------------- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
