  1. #1
    Join Date
    Oct 2010
    Location
    Orlando, FL
    Posts
    311
    Provided Answers: 1

    Unanswered: PostgreSQL Can't Find SSL Certificates [RESOLVED]

    I've removed and replaced my SSL certificates on my database server and I have them stored on Linux in /etc/ssl/. I recreated my symbolic links to match the new certificates but for some reason PostgreSQL is still looking for the old certificates and not the new ones:

    Code:
    2011-04-08 09:54:34 EDT FATAL:  could not load server certificate file "server.crt": No such file or directory
    2011-04-08 10:00:43 EDT FATAL:  could not load server certificate file "server.crt": No such file or directory

    I checked /var/lib/postgres/8.4/main/ & I can see my symbolic links but have no idea what else I'm missing. I don't want to disable SSL on PostgreSQL.

    Code:
    /var/lib/postgresql/8.4/main
    postgres@db1:~/8.4/main$ ls -l
    total 44
    drwx------ 7 postgres postgres 4096 Apr  6 17:01 base
    lrwxrwxrwx 1 root     root       26 Apr  8 09:21 db1_ssl.crt -> /etc/ssl/certs/db1_ssl.crt
    lrwxrwxrwx 1 root     root       28 Apr  8 09:21 db1_ssl.key -> /etc/ssl/private/db1_ssl.key
    drwx------ 2 postgres postgres 4096 Apr  8 08:58 global
    drwx------ 2 postgres postgres 4096 Feb 15 10:53 pg_clog
    drwx------ 4 postgres postgres 4096 Feb 15 10:53 pg_multixact
    drwx------ 2 postgres postgres 4096 Apr  8 08:58 pg_stat_tmp
    drwx------ 2 postgres postgres 4096 Feb 15 10:53 pg_subtrans
    drwx------ 2 postgres postgres 4096 Feb 15 10:53 pg_tblspc
    drwx------ 2 postgres postgres 4096 Feb 15 10:53 pg_twophase
    -rw------- 1 postgres postgres    4 Feb 15 10:53 PG_VERSION
    drwx------ 3 postgres postgres 4096 Feb 15 10:53 pg_xlog
    -rw------- 1 postgres postgres  133 Apr  8 08:57 postmaster.opts

    According to the PostgreSQL documentation:

    Code:
    30.17.4. SSL File Usage
    
    Table 30-4. Libpq/Client SSL File Usage
    
    File	Contents	Effect
    ~/.postgresql/postgresql.crt	client certificate	requested by server
    ~/.postgresql/postgresql.key	client private key	proves client certificate sent by owner; does not indicate certificate owner is trustworthy
    ~/.postgresql/root.crt	trusted certificate authorities	checks server certificate is signed by a trusted certificate authority
    ~/.postgresql/root.crl	certificates revoked by certificate authorities	server certificate must not be on this list

    I don't know why it's still looking for the old 'server.crt' and 'server.key' files. Anyone know what I'm missing?
    Last edited by CacheDrive; 04-08-11 at 19:06.

  2. #2
    Also tried changing the permissions on both the SSL certificates and the symbolic links from root:root > postgres:postgres and got the same error. Does something need to be re-built or generated from Postgres to reflect the new certificates?

  3. #3
    **RESOLVED**

    It appears that PostgreSQL requires that the symbolic links in Linux be called 'server.key' & 'server.crt'. The SSL certificates can be called anything you want, but in /var/lib/postgres/9.0/main/ the symbolic links MUST be server.*.
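
Added example, not part of the original posts: a pre-flight check for the situation this thread resolves, confirming that `server.crt` and `server.key` exist under those exact names in the data directory and resolve to readable files. The function name `check_pg_ssl_files` is hypothetical, and the key-permission check assumes the documented PostgreSQL rule that `server.key` must not be accessible to group or world.

```shell
#!/bin/sh
# Added example: pre-flight check for the SSL files a PostgreSQL 8.4/9.0
# server loads from its data directory. The directory is supplied by the caller.

# check_pg_ssl_files DATADIR
# Prints one line per finding; returns 0 if both files are usable, 1 otherwise.
check_pg_ssl_files() {
    datadir=$1
    rc=0
    for name in server.crt server.key; do
        path="$datadir/$name"
        if [ -L "$path" ] && [ ! -e "$path" ]; then
            # The link exists but its target does not.
            echo "FAIL $name: dangling symlink -> $(ls -l "$path" | sed 's/.* -> //')"
            rc=1
        elif [ ! -e "$path" ]; then
            echo "FAIL $name: not present in $datadir (the server looks for this exact name)"
            rc=1
        elif [ ! -r "$path" ]; then
            echo "FAIL $name: not readable by $(id -un)"
            rc=1
        else
            echo "ok   $name"
        fi
    done
    key="$datadir/server.key"
    if [ -e "$key" ]; then
        # ls -L follows the symlink: the link itself always shows lrwxrwxrwx,
        # but the mode that matters is the target's.
        mode=$(ls -ldL "$key" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "FAIL server.key: target has group/other access ($mode); use chmod 0600"
            rc=1
        fi
    fi
    return $rc
}

# Run against a data directory when one is given on the command line.
if [ $# -ge 1 ]; then check_pg_ssl_files "$1"; fi
```

Run it as the account the server runs under (for example `postgres`) so the readability test reflects what the server will see.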
