How to use SSL with dotConnect for PostgreSQL?

Discussion of open issues, suggestions and bugs regarding ADO.NET provider for PostgreSQL
baba
Posts: 22
Joined: Thu 14 Apr 2005 16:40

Post by baba » Tue 05 May 2009 05:24

What kind of cert should we provide?
How to generate it?
Is this the public key of the db server?
Which format?
Can you provide the openssl script to generate it?

You probably tested that feature. How did you do it?

seb

baba
Posts: 22
Joined: Thu 14 Apr 2005 16:40

Post by baba » Tue 05 May 2009 08:06

Oh! By the way, if you could provide hints to configure the PostgreSQL server (Linux)...

You probably did it!

And it would spare a bunch of time!

Thanks in advance...

seb

Shalex
Site Admin
Posts: 9543
Joined: Thu 14 Aug 2008 12:44

Post by Shalex » Tue 12 May 2009 12:38

This is general information that can be useful when using the SSL support of dotConnect for PostgreSQL. Please perform the following steps:

1. Generate keys and certificates using openssl. You will obtain files like these: root.crt, client.key, client.crt, server.key, server.crt. Please refer to http://www.openssl.org/.

2. PostgreSQL server. It is necessary to configure the PostgreSQL server. Please read the Secure TCP/IP Connections with SSL section in the PostgreSQL documentation at http://www.postgresql.org/docs/7.1/static/ssl-tcp.html.
A summary of the above article:
- The PostgreSQL server can be started with SSL enabled by setting the parameter ssl to on in postgresql.conf.
- To start in SSL mode, the server.crt, server.key and root.crt files should exist in the server's data directory. You need to restart the server for changes in them to take effect.

You can make sure that the server settings are made correctly in the following way: execute the SHOW SSL query; if the response is 'on', SSL is working.

3. PostgreSQL client. If the server is configured, you need to set the client's connection options:
- The authority certificate (root.crt in our case) should be placed in the certificate store.
- We use the certificate in the PKCS#12 format. You can generate such a certificate using the pkcs12 command of openssl:

openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12

Here is a sample for setting the connection string when using SSL:

using Devart.Data.PostgreSql;

PgSqlConnection conn = new PgSqlConnection("user id=postgres;password=postgres;host=localhost;");
conn.SslOptions.Cert = @"E:\Test\client.p12"; // Location of the client certificate (verbatim string, so the backslashes are not read as escape sequences)
conn.SslOptions.Password = ""; // the password for access to the certificate data; you have set this password when generating the client.p12 certificate
conn.SslOptions.TargetHost = "pg_server"; // the server name 'Common Name' (CN) that is specified in server.crt.
conn.SslOptions.SslMode = SSLMode.Require; // This option determines whether an SSL connection will be established to the server and its priority. Refer to our online documentation.
conn.Open();
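The certificate generation from step 1 and the PKCS#12 export from step 3 of the reply above, as an added example that is not part of the original post and is not Devart's own script. The output directory, the CA subject name, RSA-2048 keys, the 365-day lifetime and the extra root.key file are assumptions; the server certificate's CN has to equal the TargetHost value the client sets.

```shell
#!/bin/sh
# Added example, not Devart's script. Subject names, RSA-2048 and the
# 365-day lifetime are constructed values; adjust them for real use.

# make_pg_ssl_files OUT_DIR SERVER_CN CLIENT_CN P12_PASSWORD
# SERVER_CN must match SslOptions.TargetHost; P12_PASSWORD is the value
# later assigned to SslOptions.Password.
make_pg_ssl_files() (
    out_dir=$1 server_cn=$2 client_cn=$3
    P12_PASS=$4; export P12_PASS
    umask 077                      # every generated file is owner-only
    mkdir -p "$out_dir" && cd "$out_dir" || exit 1

    # 1. Self-signed root CA. root.crt is what the server and the client
    #    trust; root.key (not named on the page) signs the other two.
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=Example Test Root CA" \
        -keyout root.key -out root.crt || exit 1

    # 2. Key + CSR for each side, signed by the root CA.
    for pair in "server:$server_cn" "client:$client_cn"; do
        name=${pair%%:*} cn=${pair#*:}
        openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$cn" \
            -keyout "$name.key" -out "$name.csr" || exit 1
        openssl x509 -req -in "$name.csr" -CA root.crt -CAkey root.key \
            -CAcreateserial -days 365 -out "$name.crt" || exit 1
        rm -f "$name.csr"
    done

    # 3. Bundle the client certificate and key as PKCS#12 (the command
    #    from the post, with the password read from the environment).
    openssl pkcs12 -export -in client.crt -inkey client.key \
        -out client.p12 -passout env:P12_PASS || exit 1

    # 4. Fail unless both leaf certificates chain to root.crt.
    openssl verify -CAfile root.crt server.crt client.crt >/dev/null
)

# cert_subject FILE: print the subject, e.g. "subject=CN=pg_server".
cert_subject() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1"
}

if [ "$#" -eq 4 ]; then make_pg_ssl_files "$@"; fi
```

Copy server.crt, server.key and root.crt to the server's data directory as step 2 describes, and keep root.key off the database host.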
