On Fri, Apr 8, 2011 at 2:21 PM, Carlos Mennens <carlos.menn...@gmail.com>wrote:
> On Fri, Apr 8, 2011 at 1:15 PM, Diego Schulz <dsch...@gmail.com> wrote: > > Hi, > > When linking to the certificate and key you should specify the full path. > > ln -s /etc/ssl/certs/db1_ssl.crt /full/path/to/db1_ssl.crt > > ln -s /etc/ssl/private/db1_ssl.key /full/path/to/db1_ssl.key > > Thanks for the quick reply Diego. I posted the commands above and I > used the full path to the certificates as you can see. Here's the > info: > > lrwxrwxrwx 1 postgres postgres 26 Apr 8 10:43 db1_ssl.crt -> > /etc/ssl/certs/db1_ssl.crt > lrwxrwxrwx 1 postgres postgres 28 Apr 8 10:50 db1_ssl.key -> > /etc/ssl/private/db1_ssl.key > > The 1st part is just the symbolic link referenced in > /var/lib/postgresql/8.4/main but you can see it knows to reference the > symbolic links to /etc/ssl/... > > I'm thinking there's some random configuration file for PostgreSQL > that has pointers to the old server.crt and server.key files but I've > searched /etc/postgres/ and /var/lib/postgresql/8.4/main completely > and can't find it what so ever. I am not authorized to disable SSL per > DoD standards / requirements sadly. > > Any thing else I am missing? I can't be the 1st person to switch SSL > certificates during utilization. > > Make sure the files have the right ownership and permissions. It looks like ownership is correct (postgres:postgres) but permissions might be too loose. Try chmod 400 on your key and certificate and see what happens. cheers, diego