Re: Changed SSL Certificates

Carlos Mennens <carlos.mennens@gmail.com> writes:
> I had self signed SSL certificates on my database server but since
> then removed them and received updated certificates from the security
> team. I removed (backedup) the old server.crt & server.key and now
> have db1_ssl.crt & db1_ssl.key in the identical location as the old
> SSL certificates. I then went to /etc/postgres/8.4/main and removed
> the old symbolic links for the old certificates and generated new
> symbolic links:

> ln -s /etc/ssl/certs/db1_ssl.crt db1_ssl.crt
> ln -s /etc/ssl/private/db1_ssl.key db1_ssl.key

> I then restarted PostgreSQL and got the following error:

> 2011-04-08 09:54:34 EDT FATAL:  could not load server certificate file
> "server.crt": No such file or directory
> 2011-04-08 10:00:43 EDT FATAL:  could not load server certificate file
> "server.crt": No such file or directory

Well, yeah.  The server's key and cert files have to be named exactly
server.crt and server.key.  They can be symlinks, I think, but you
can't just randomly use some other names and expect the server to intuit
that those are the files to use.

            regards, tom lane