2025-03-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains how to set up a CA certificate to strengthen the security of PostgreSQL. Many people have questions about this in day-to-day operation; the editor consulted a range of material and put together a simple, easy-to-follow procedure, which follows.
Set up CA
The CA should be an offline computer in a highly secure environment.
Generate CA private key
    sudo openssl genrsa -des3 -out /etc/ssl/private/trustly-ca.key 2048
    sudo chown root:ssl-cert /etc/ssl/private/trustly-ca.key
    sudo chmod 640 /etc/ssl/private/trustly-ca.key
Generate CA certificate
    sudo openssl req -new -x509 -days 3650 \
      -subj '/C=SE/ST=Stockholm/L=Stockholm/O=Trustly/CN=trustly' \
      -key /etc/ssl/private/trustly-ca.key \
      -out /usr/local/share/ca-certificates/trustly-ca.crt
    sudo update-ca-certificates
Configure the PostgreSQL server
Generate PostgreSQL server private key
    # Remove default snakeoil certs
    sudo rm /var/lib/postgresql/9.1/main/server.key
    sudo rm /var/lib/postgresql/9.1/main/server.crt
    # Enter a passphrase
    sudo -u postgres openssl genrsa -des3 -out /var/lib/postgresql/9.1/main/server.key 2048
    # Remove the passphrase
    sudo -u postgres openssl rsa -in /var/lib/postgresql/9.1/main/server.key -out /var/lib/postgresql/9.1/main/server.key
    sudo -u postgres chmod 400 /var/lib/postgresql/9.1/main/server.key
Generate a PostgreSQL server certificate signing request (CSR)
    sudo -u postgres openssl req -new -nodes -key /var/lib/postgresql/9.1/main/server.key -days 3650 -out /tmp/server.csr -subj '/C=SE/ST=Stockholm/L=Stockholm/O=Trustly/CN=postgres'
Sign the PostgreSQL server certificate request with the CA private key
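    # No -days is given here, so the certificate gets OpenSSL's default
    # validity of 30 days; a CSR carries no validity period, so the
    # -days 3650 on the CSR command does not carry over.
    sudo openssl req -x509 \
      -key /etc/ssl/private/trustly-ca.key \
      -in /tmp/server.csr \
      -out /var/lib/postgresql/9.1/main/server.crt
    sudo chown postgres:postgres /var/lib/postgresql/9.1/main/server.crt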
Create root certificate = PostgreSQL server certificate + CA certificate
    sudo -u postgres sh -c 'cat /var/lib/postgresql/9.1/main/server.crt /etc/ssl/certs/trustly-ca.pem > /var/lib/postgresql/9.1/main/root.crt'
    sudo cp /var/lib/postgresql/9.1/main/root.crt /usr/local/share/ca-certificates/trustly-postgresql.crt
    sudo update-ca-certificates
Authorized access
    CREATE GROUP sslcertusers;
    ALTER GROUP sslcertusers ADD USER joel;

    # /etc/postgresql/9.1/main/pg_hba.conf:
    hostssl nameofdatabase +sslcertusers 192.168.1.0/24 cert clientcert=1
Restart PostgreSQL
    sudo service postgresql restart
PostgreSQL client settings
Copy the root certificate from the PostgreSQL server
    mkdir ~/.postgresql
    cp /etc/ssl/certs/trustly-postgresql.pem ~/.postgresql/root.crt
Generate PostgreSQL client private key
    # 1024-bit RSA is weak by current standards; the CA key above uses 2048
    openssl genrsa -des3 -out ~/.postgresql/postgresql.key 1024
    # If this is a server, remove the passphrase:
    openssl rsa -in ~/.postgresql/postgresql.key -out ~/.postgresql/postgresql.key
Generate a PostgreSQL client certificate signing request and sign it
    # Replace "joel" with username:
    openssl req -new -key ~/.postgresql/postgresql.key -out ~/.postgresql/postgresql.csr -subj '/C=SE/ST=Stockholm/L=Stockholm/O=Trustly/CN=joel'
    sudo openssl x509 -req -in ~/.postgresql/postgresql.csr -CA /etc/ssl/certs/trustly-ca.pem -CAkey /etc/ssl/private/trustly-ca.key -out ~/.postgresql/postgresql.crt -CAcreateserial
    sudo chown joel:joel -R ~/.postgresql
    sudo chmod 400 -R ~/.postgresql/postgresql.key

This concludes the walkthrough of how to set up CA certificates to strengthen the security of PostgreSQL.
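A way to check the result of the client steps before relying on it, as an added example that is not part of the original article: the functions below build a throwaway CA and client certificate in a temporary directory and confirm that the certificate chains to the CA, that the private key belongs to it, and that its CN equals the database user name, which is what the cert method in pg_hba.conf compares. The function names, the demo-ca subject and the file names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: throwaway CA and client certificate, checked against the
# three things cert authentication relies on. All names are constructed.

# check_client_cert CA_CERT CLIENT_CERT CLIENT_KEY DB_USER
# Returns 0 only if the certificate chains to the CA, the private key
# belongs to the certificate, and the certificate CN equals DB_USER.
check_client_cert() {
    ca=$1 crt=$2 key=$3 user=$4
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "chain: $crt is not signed by $ca"; return 1; }
    cert_pub=$(openssl x509 -noout -pubkey -in "$crt")
    key_pub=$(openssl pkey -pubout -in "$key" 2>/dev/null)
    { [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
        { echo "key: $key does not match $crt"; return 1; }
    cn=$(openssl x509 -noout -subject -nameopt multiline -in "$crt" |
         sed -n 's/^ *commonName *= //p')
    [ "$cn" = "$user" ] ||
        { echo "CN: '$cn' does not match database user '$user'"; return 1; }
    echo "ok: CN=$cn"
}

# make_demo_pki DIR USER
# Constructed sample data: a one-day CA and one client certificate for USER.
make_demo_pki() {
    d=$1 user=$2
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 1 \
        -subj '/C=SE/O=Trustly/CN=demo-ca' \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -nodes -newkey rsa:2048 -subj "/C=SE/O=Trustly/CN=$user" \
        -keyout "$d/$user.key" -out "$d/$user.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$d/$user.csr" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/$user.crt" 2>/dev/null
}

DEMO=$(mktemp -d)
make_demo_pki "$DEMO" joel
# Passes: certificate issued for joel, presented as joel
check_client_cert "$DEMO/ca.crt" "$DEMO/joel.crt" "$DEMO/joel.key" joel || true
# Fails on the CN check: same certificate, presented as postgres
check_client_cert "$DEMO/ca.crt" "$DEMO/joel.crt" "$DEMO/joel.key" postgres || true
rm -rf "$DEMO"
```

On a real client the same function can be pointed at ~/.postgresql/root.crt, ~/.postgresql/postgresql.crt and ~/.postgresql/postgresql.key.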