>a separate application server Well this can be a solution in a trustworthy and friendly environment, on which I can't count.
I would have been more at ease if libpq could manage a PKCS12 cert. or some secure wallet/keystore that contains both the public and private keys for SSL traffic. Neither the end user nor any admin would have to provide the password to access the keys inside the secured storage as I would have prefered to hard-code the password. Hard coding is not an elegant solution I agree, but leaving on the table an unencrypted private key is not something to do IMO. Any way, thank you for the feedback which has been instructive. -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
