Re: [pgadmin-support] pgAdmin asks me the server's private key

Wed, 06 Oct 2010 15:26:20 -0700 

I think this is a postgres question about how it expects ssl to be
configured ...
I found some source code for Postgres that has this message in it..

http://doxygen.postgresql.org/fe-secure_8c-source.html

01010 if (have_cert && fnbuf[0] != '\0')
01011     {
01012         /* read the client key from file */
01013
01014         if (stat(fnbuf, &buf) != 0)
01015         {
01016             printfPQExpBuffer(&conn->errorMessage,
01017                               libpq_gettext("*certificate present, but
not private key file* \"%s\"\n"),
01018                               fnbuf);
01019             return -1;
01020         }
01021 #ifndef WIN32
01022         if (!S_ISREG(buf.st_mode) || buf.st_mode & (S_IRWXG |
S_IRWXO))
01023         {
01024             printfPQExpBuffer(&conn->errorMessage,
01025                               libpq_gettext("private key file \"%s\"
has group or world access; permissions should be u=rw (0600) or less\n"),
01026                               fnbuf);
01027             return -1;
01028         }
01029 #endif
01030
01031         if (SSL_use_PrivateKey_file(conn->ssl, fnbuf,
SSL_FILETYPE_PEM) != 1)
01032         {
01033             char       *err = SSLerrmessage();
01034
01035             printfPQExpBuffer(&conn->errorMessage,
01036                libpq_gettext("could not load private key file \"%s\":
%s\n"),
01037                               fnbuf, err);
01038             SSLerrfree(err);
01039             return -1;
01040         }
01041     }



2010/10/6 Guillaume Lelarge <guilla...@lelarge.info>

> Le 06/10/2010 22:51, Sébastien Mauroy a écrit :
> > [...]
> > I installed postgreSQL on my serveur with the SSL support enabled. I
> > have my own CA and I generated a cert for this service. When I use
> > pgAdmin III, it says :
> >
> > "Error connecting to the server: certificate present, but not private
> > key file "C:\Users\<my user>\AppData\Roaming/postgresql/postgresql.key"
> >
> > I don't understand why it wants the server private key ?! It's a big
> > security hole if I must give the private key. I miss something ?
> >
>
> Well, I guess you do. Did you try to connect with psql? didn't it ask
> for the same thing?
>
>
> --
> Guillaume
>  http://www.postgresql.fr
>  http://dalibo.com
>
> --
> Sent via pgadmin-support mailing list (pgadmin-support@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgadmin-support
>

Reply via email to