Generating SSL Certificates for PostgreSQL

What you will read?

1 Generate a Private Key
2 Create a Certificate Signing Request (CSR)
3 Generate the SSL Certificate
4 Set Permissions

To enable SSL for PostgreSQL, generating valid SSL certificates is a crucial step. These certificates ensure that the communication between the PostgreSQL server and its clients is encrypted and authenticated. Below are the steps to generate SSL certificates:

Generate a Private Key

Begin by generating a private key for the server. This key will be used to encrypt the data. Use the openssl command:

openssl genrsa -out server.key 2048
chmod 600 server.key

The chmod command ensures that only the server process can access the private key.

Create a Certificate Signing Request (CSR)

The CSR is needed to generate a public certificate. Run the following command:

openssl req -new -key server.key -out server.csr

Fill in the requested details like Common Name (e.g., your VPS’s domain or IP).

Generate the SSL Certificate

You can self-sign the certificate for internal use:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

This creates a certificate (server.crt) valid for one year.

Set Permissions

Ensure the key and certificate files have appropriate permissions:

chmod 600 server.key server.crt

These certificates are now ready to be used with PostgreSQL.

Generating SSL Certificates for PostgreSQL

Table of Contents

Generate a Private Key

Create a Certificate Signing Request (CSR)

Generate the SSL Certificate

Set Permissions

Related Posts