Re: PostgreSQL with SSL

Hello.

> > > I'm trying to use the java keytool in place of openssl.
> > > - I believe that it not possible to start the PostgreSQL server
> without
> > > openssl (and ssl-dev package in debian), is it correct?
> >
> > Yes, I don't think the java keytool works.
>
> Oh, the documentation defeated me twice. The server reads the openssl
> configuration at start time too.
> The keytool may be used only to generate the key pair and the certificate,
> but it can not export the private key from its keystore. You need another
> tool or to write a Java code to do that.

OpenSSL has two ways to store private keys:
1. an own proprietary format
2. standard PKCS#8

The default as used in the postgresql doc is to produce the proprietary format.
Don't know if PostgreSQL can handle PKCS#8 keys.

If you'd like to check, here is a command to produce PKCS#8:
openssl pkcs8 -in server.key  -out server.p8 -topk8

Jose, writing a tutorial sounds promising. If I can be of any help, just contact me.

Martin

--
GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01