How to set CA certificate to strengthen the security of PostgreSQL 04/21 Update SLTechnology News&Howtos

How to set CA certificate to strengthen the security of PostgreSQL

2025-04-21 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >

Shulou(Shulou.com)05/31 Report--

This article mainly introduces "how to set CA certificate to strengthen the security of PostgreSQL". In daily operation, I believe many people have doubts about how to set up CA certificate to strengthen the security of PostgreSQL. Xiaobian consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful to answer the doubt of "how to set CA certificate to strengthen the security of PostgreSQL". Next, please follow the editor to study!

Set up CA

CA should be an offline computer in a highly secure environment.

Generate CA private key

Sudo openssl genrsa-des3-out / etc/ssl/private/trustly-ca.key 2048sudo chown root:ssl-cert / etc/ssl/private/trustly-ca.keysudo chmod 640 / etc/ssl/private/trustly-ca.key

Generate CA certificate

Sudo openssl req-new-x509-days 3650\-subj'/ Category SEUnips staggered StockholmCompact LittstockholmCompact Oasis TrustlyCPN trustlyCPN trustlyplicas\-key / etc/ssl/private/trustly-ca.key\-out / usr/local/share/ca-certificates/trustly-ca.crtsudo update-ca-certificates

Configure the PostgreSQL server

Generate PostgreSQL server private key

# Remove default snakeoil certssudo rm / var/lib/postgresql/9.1/main/server.keysudo rm / var/lib/postgresql/9.1/main/server.crt# Enter a passphrasesudo-u postgres openssl genrsa-des3-out / var/lib/postgresql/9.1/main/server.key 204 Remove the passphrasesudo-u postgres openssl rsa-in/ var/lib/postgresql/9.1/main/server.key-out / var/lib/postgresql/9.1/main/server.keysudo-u postgres chmod 400 / Var/lib/postgresql/9.1/main/server.key

Generate a PostgreSQL server certificate signing request (CSR)

Sudo-u postgres openssl req-new-nodes-key / var/lib/postgresql/9.1/main/server.key-days 3650-out / tmp/server.csr-subj'/ Cruise Seigh Stroke StockholmCompact Lateral StockholmCompact Odyssey Trustlyand CNrabbit postgres`

Sign the PostgreSQL server certificate request with the CA private key

Sudo openssl req-x509\-key / etc/ssl/private/trustly-ca.key\-in/ tmp/server.csr\-out / var/lib/postgresql/9.1/main/server.crtsudo chown postgres:postgres / var/lib/postgresql/9.1/main/server.crt

Create root (root) certificate = PostgreSQL server certificate + CA certificate

Sudo-u postgres sh-c 'cat / var/lib/postgresql/9.1/main/server.crt / etc/ssl/certs/trustly-ca.pem > / var/lib/postgresql/9.1/main/root.crt'sudo cp / var/lib/postgresql/9.1/main/root.crt / usr/local/share/ca-certificates/trustly-postgresql.crtsudo update-ca-certificates

Authorized access

CREATE GROUP sslcertusers;ALTER GROUP sslcertusers ADD USER joel; # / etc/postgresql/9.1/main/pg_hba.conf:hostssl nameofdatabase + sslcertusers 192.168.1.0 Universe 24 cert clientcert=1

Restart PostgreSQL

Sudo service postgresql restart

PostgreSQL client Settings

Copy the root certificate from the PostgreSQL server

Mkdir ~ / .postgresqlcp / etc/ssl/certs/trustly-postgresql.pem ~ / .postgresql/root.crt

Generate PostgreSQL client private key

Openssl genrsa-des3-out ~ / .postgresql/postgresql.key 1024 # If this is a server, remove the passphrase:openssl rsa-in ~ / .postgresql/postgresql.key-out ~ / .postgresql/postgresql.key

Generate a PostgreSQL client certificate signing request and sign it

# Replace "joel" with username:openssl req-new-key ~ / .postgresql/postgresql.key-out ~ / .postgresql/postgresql.csr-subj'/ C=SE/ST=Stockholm/L=Stockholm/O=Trustly/CN=joel'sudo openssl x509-req-in ~ / .postgresql/postgresql.csr-CA / etc/ssl/certs/trustly-ca.pem-CAkey / etc/ssl/private/trustly-ca.key-out ~ / .postgresql/postgresql.crt-CAcreateserialsudo chown joel:joel-R ~ / .postgresqlsudo chmod 400-R ~ / .postgresql / postgresql.key The study on "how to set CA certificates to strengthen the security of PostgreSQL" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.