What kind of cert should we provide?
How to generate it?
Is this the public key of the db server?
Which format?
Can you provide the openssl script to generate it?
You probably tested that feature. How did you do it?
seb
How to use ssl with dotconnect for Postgresql ?
This is a general information that can be useful when using the SSL support of dotConnect for PostgreSQL. Please perform the following steps:
1. Generate keys and certificates using openssl. You will obtain the files like these: root.crt, client.key, client.crt, server.key, server.crt. Please refer to http://www.openssl.org/ .
2. PostgreSQL server. It is necessary to configure PostgreSQL server. Please read the Secure TCP/IP Connections with SSL section in the PostgreSQL documentation at http://www.postgresql.org/docs/7.1/static/ssl-tcp.html .
The resume of the above article:
- the PostgreSQL server can be started with SSL enabled by setting the parameter ssl to on in postgresql.conf.
- To start in SSL mode, the server.crt, server.key and root.crt files should exist in the server's data directory. You need to restart the server for changes in them to take effect.
You can make sure that the server settings are made correctly in the following way: execute the SHOW SSL query; if the response is 'on', SSL is working.
3. PostgreSQL client. If the server is configured, you need to set the client's connection options:
- the authority certificate (root.crt in our case) should be placed in the certificate store.
- we use the certificate in the PKCS#12 format. You can generate such a certificate using the pkcs12 command of openssl:
openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
Here is a sample for setting the connection string when using SSL:
PgSqlConnection conn = new PgSqlConnection("user id=postgres;password=postgres;host=localhost;");
conn.SslOptions.Cert = @"E:\Test\client.p12"; // Location of the client certificate (verbatim string, so the backslashes are not treated as escape sequences)
conn.SslOptions.Password = ""; // the password for access to the certificate data; you have set this password when generating the client.p12 certificate
conn.SslOptions.TargetHost = "pg_server"; // the server name 'Common Name' (CN) that is specified in server.crt.
conn.SslOptions.SslMode = SSLMode.Require; // This option determines whether an SSL connection will be established to the server and its priority. Refer to our online documentation.
conn.Open();
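
The question asks for the openssl commands behind step 1, which the reply leaves to the OpenSSL site. The script below is an added example, not part of the original posts and not Devart's own script: it produces the five files named in step 1 plus client.p12 and checks that both certificates chain to root.crt. The function name, CA subject, RSA 2048 keys and 365-day validity are assumptions.

```shell
#!/bin/sh
# Added example. Creates root.crt, server.key, server.crt, client.key,
# client.crt and client.p12 in a directory of your choice.
# Usage: make_pg_ssl_files ./pg-ssl pg_server postgres 'p12-password'
#   $2 = server certificate CN (the value later given to SslOptions.TargetHost)
#   $3 = client certificate CN, $4 = password protecting client.p12
make_pg_ssl_files() (
    out=$1 server_cn=$2 client_cn=$3 p12_pass=$4
    # Keys are created owner-only; PostgreSQL refuses a group- or
    # world-readable server.key.
    umask 077
    mkdir -p "$out" && cd "$out" || exit 1

    # Self-signed root CA. root.key signs the two certificates below and is
    # not copied to the database server or to clients.
    openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
        -subj "/CN=Example Test Root CA" \
        -keyout root.key -out root.crt || exit 1

    # One key and signing request per side, each signed by the root CA.
    for pair in "server:$server_cn" "client:$client_cn"; do
        name=${pair%%:*} cn=${pair#*:}
        openssl req -new -nodes -newkey rsa:2048 -sha256 \
            -subj "/CN=$cn" -keyout "$name.key" -out "$name.csr" || exit 1
        openssl x509 -req -in "$name.csr" -CA root.crt -CAkey root.key \
            -CAcreateserial -sha256 -days 365 -out "$name.crt" || exit 1
    done

    # Same pkcs12 command as in step 3, with the password supplied
    # non-interactively.
    openssl pkcs12 -export -in client.crt -inkey client.key \
        -out client.p12 -passout "pass:$p12_pass" || exit 1

    # The exit status of the function is the result of the chain check.
    openssl verify -CAfile root.crt server.crt client.crt
)
```

Copy server.crt, server.key and root.crt to the server's data directory as step 2 describes; root.crt and client.p12 go to the client machine.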