I've removed and replaced my SSL certificates on my database server and I have them stored on Linux in /etc/ssl/. I recreated my symbolic links to match the new certificates but for some reason PostgreSQL is still looking for the old certificates and not the new ones:
2011-04-08 09:54:34 EDT FATAL: could not load server certificate file "server.crt": No such file or directory
2011-04-08 10:00:43 EDT FATAL: could not load server certificate file "server.crt": No such file or directory
I checked /var/lib/postgres/8.4/main/ & I can see my symbolic links but have no idea what else I'm missing. I don't want to disable SSL on PostgreSQL.
30.17.4. SSL File Usage
Table 30-4. Libpq/Client SSL File Usage
File Contents Effect
~/.postgresql/postgresql.crt client certificate requested by server
~/.postgresql/postgresql.key client private key proves client certificate sent by owner; does not indicate certificate owner is trustworthy
~/.postgresql/root.crt trusted certificate authorities checks server certificate is signed by a trusted certificate authority
~/.postgresql/root.crl certificates revoked by certificate authorities server certificate must not be on this list
I don't know why it's still looking for the old 'server.crt' and 'server.key' files. Anyone know what I'm missing?
Also tried changing the permissions on both the SSL certificates and the symbolic links from root:root > postgresostrgres and got the same error. Does something need to be re-built or generated from Postgres to reflect the new certificates?
It appears that PostgreSQL requires the symbolic links in Linux must be called 'server.key' & 'server.crt'. The SSL certificates can be call anything you want but in /var/lib/postgres/9.0/main/ the symbolic links MUST be server.*.