I've removed and replaced my SSL certificates on my database server and I have them stored on Linux in /etc/ssl/. I recreated my symbolic links to match the new certificates but for some reason PostgreSQL is still looking for the old certificates and not the new ones:
Code:
2011-04-08 09:54:34 EDT FATAL: could not load server certificate file "server.crt": No such file or directory
2011-04-08 10:00:43 EDT FATAL: could not load server certificate file "server.crt": No such file or directory
I checked /var/lib/postgres/8.4/main/ & I can see my symbolic links but have no idea what else I'm missing. I don't want to disable SSL on PostgreSQL.
Code:
/var/lib/postgresql/8.4/main
postgres@db1:~/8.4/main$ ls -l
total 44
drwx------ 7 postgres postgres 4096 Apr 6 17:01 base
lrwxrwxrwx 1 root root 26 Apr 8 09:21 db1_ssl.crt -> /etc/ssl/certs/db1_ssl.crt
lrwxrwxrwx 1 root root 28 Apr 8 09:21 db1_ssl.key -> /etc/ssl/private/db1_ssl.key
drwx------ 2 postgres postgres 4096 Apr 8 08:58 global
drwx------ 2 postgres postgres 4096 Feb 15 10:53 pg_clog
drwx------ 4 postgres postgres 4096 Feb 15 10:53 pg_multixact
drwx------ 2 postgres postgres 4096 Apr 8 08:58 pg_stat_tmp
drwx------ 2 postgres postgres 4096 Feb 15 10:53 pg_subtrans
drwx------ 2 postgres postgres 4096 Feb 15 10:53 pg_tblspc
drwx------ 2 postgres postgres 4096 Feb 15 10:53 pg_twophase
-rw------- 1 postgres postgres 4 Feb 15 10:53 PG_VERSION
drwx------ 3 postgres postgres 4096 Feb 15 10:53 pg_xlog
-rw------- 1 postgres postgres 133 Apr 8 08:57 postmaster.opts
According to the PostgreSQL documentation:
Code:
30.17.4. SSL File Usage
Table 30-4. Libpq/Client SSL File Usage
File | Contents | Effect
~/.postgresql/postgresql.crt | client certificate | requested by server
~/.postgresql/postgresql.key | client private key | proves client certificate sent by owner; does not indicate certificate owner is trustworthy
~/.postgresql/root.crt | trusted certificate authorities | checks server certificate is signed by a trusted certificate authority
~/.postgresql/root.crl | certificates revoked by certificate authorities | server certificate must not be on this list
I don't know why it's still looking for the old 'server.crt' and 'server.key' files. Anyone know what I'm missing?
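Added example, not part of the original post: the FATAL line shows the server opening the fixed name `server.crt` relative to its data directory, and PostgreSQL 8.4 has no setting to point it at another name, so links called `db1_ssl.crt` and `db1_ssl.key` are never consulted. The sketch below checks a data directory for that condition. `check_pg_ssl_files` and `demo` are hypothetical names, the temporary directory is a constructed stand-in for the listing above, and the key-mode test assumes the server rejects a private key with group or world access.

```shell
# Added example (hypothetical helper, not PostgreSQL code).
# Reports why a data directory would fail the server's SSL file load.
check_pg_ssl_files() {
    datadir=$1
    problems=0
    for name in server.crt server.key; do
        path="$datadir/$name"
        if [ -L "$path" ] && [ ! -e "$path" ]; then
            echo "$name: dangling symlink -> $(readlink "$path")"
            problems=$((problems + 1))
        elif [ ! -e "$path" ]; then
            echo "$name: missing from $datadir"
            problems=$((problems + 1))
        elif [ ! -r "$path" ]; then
            # Run this as the postgres user: the link target must be readable by it.
            echo "$name: not readable by $(id -un)"
            problems=$((problems + 1))
        fi
    done
    key="$datadir/server.key"
    if [ -e "$key" ]; then
        # ls -L shows the link target's mode; columns 5-10 are the group/other bits.
        if [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
            echo "server.key: group/world access on key file"
            problems=$((problems + 1))
        fi
    fi
    [ "$problems" -eq 0 ]
}

demo() {
    d=$(mktemp -d)                      # constructed stand-in for .../8.4/main
    mkdir "$d/etc"
    : > "$d/etc/db1_ssl.crt"; : > "$d/etc/db1_ssl.key"
    chmod 600 "$d/etc/db1_ssl.key"
    ln -s "$d/etc/db1_ssl.crt" "$d/db1_ssl.crt"   # link names as in the listing
    ln -s "$d/etc/db1_ssl.key" "$d/db1_ssl.key"
    check_pg_ssl_files "$d" || echo "=> SSL startup would fail for this directory"
    rm -rf "$d"
}
demo
```

Run the function as the `postgres` user against the real data directory, since the readability test depends on who executes it.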