Post date: Nov 01, 2014 4:12:2 PM
On the server side:
1) Change ssl = off to ssl = on in postgresql.conf on the master node.
2) Create self-signed certs for the master node and for the test end user. This won't be necessary for your env, since your env will apply a digital cert for the master node.
3) Copy root.crt (you will need to extract the root cert from the master node cert once you get the cert), the master node cert, and the private key of the master node cert (again, you may have to extract the private key from the master cert you are getting) to the data directory of the master node.
4) Change the permissions of the cert related files in 3) to 600
5) To force the client to use a client-side cert, add a hostssl entry in pg_hba.conf as "hostssl <database_name> <user_name> <client_host_ip> cert clientcert=1". If not forcing a client-side cert, make it "hostssl <database_name> <user_name> <client_host_ip> password clientcert=0".
6) Restart the server.
On the client (DIA in my env):
1) Create a self-signed cert for the end user.
2) Under the end-user’s home dir, create a directory “.postgresql”
3) Deploy the end user’s cert, the private key, and the root.crt under the .postgresql directory
4) Change the permissions of the above cert related files to 600
5) Connect to the server using the following command: psql "sslmode=verify-full" -h <master_node_ip/name> -U <user_name>
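
A check for the two procedures above, as an added example that is not part of the original post: it confirms the cert files exist with mode 600, that ssl = on is set, and that pg_hba.conf has a hostssl entry, and it lists any plain "host" entries for review. The function names are hypothetical, and the file names server.crt, server.key, postgresql.crt and postgresql.key are assumed PostgreSQL defaults (the post itself names only root.crt).

```shell
#!/bin/sh
# Added example: audits the result of the steps above. Not from the original post.
# Assumed file names (PostgreSQL defaults; the post names only root.crt):
#   server: server.crt, server.key    client: postgresql.crt, postgresql.key

# audit_cert_dir DIR FILE...: report files that are missing or not mode 600.
audit_cert_dir() {
    dir=$1; shift
    bad=0
    for name in "$@"; do
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $dir/$name"; bad=1
        elif [ -z "$(find "$dir/$name" -prune -perm 600)" ]; then
            echo "BADMODE $dir/$name (expected 600)"; bad=1
        fi
    done
    return $bad
}

# audit_server DATADIR: cert files plus the postgresql.conf and pg_hba.conf settings.
audit_server() {
    data=$1; srv_bad=0
    audit_cert_dir "$data" root.crt server.crt server.key || srv_bad=1
    # Only the uncommented "ssl = on" form used in step 1 is recognised.
    if ! grep -Eq '^[[:space:]]*ssl[[:space:]]*=[[:space:]]*on([[:space:]]|#|$)' \
            "$data/postgresql.conf" 2>/dev/null; then
        echo "SSL_OFF $data/postgresql.conf"; srv_bad=1
    fi
    if ! grep -Eq '^[[:space:]]*hostssl[[:space:]]' "$data/pg_hba.conf" 2>/dev/null; then
        echo "NO_HOSTSSL $data/pg_hba.conf"; srv_bad=1
    fi
    # "host" records also match non-TLS connections, so list them for review.
    grep -En '^[[:space:]]*host[[:space:]]' "$data/pg_hba.conf" 2>/dev/null |
        sed 's/^/REVIEW plaintext-capable entry, line /'
    return $srv_bad
}

# audit_client HOME: the per-user directory from the client-side steps.
audit_client() {
    audit_cert_dir "$1/.postgresql" root.crt postgresql.crt postgresql.key
}

# Script usage: audit.sh server <data_dir>   or   audit.sh client <home_dir>
case "${1:-}" in
    server) audit_server "$2" ;;
    client) audit_client "$2" ;;
esac
```

A REVIEW line does not fail the audit; it marks a pg_hba.conf record that would also accept an unencrypted connection if it matches before the hostssl entry.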