PostgreSQL Server 1. Generate certificates Download easyrsa2 from github and extract it # ./easyrsa build-ca # ./easyrsa build-server-full postgresql-server # ./easyrsa build-client-full postgresql-client This will generate ca.crt in pki folder, postgres-server.crt , postgres-client.crt in pki/issued folder and postgres-server.key and postgres-client.key in pki/private folder. PostgreSQL JDBC library cannot read .key file, which is why we have to convert the key to DER format (.pk8) file. openssl pkcs8 -topk8 -outform DER -in postgres-client.key -out postgres-client.key.pk8 -nocrypt Give proper unix permissions to the certificates and keys, for eg. # chown postgres:postgres postgres-server.key # chown postgres:postgres postgres-server.crt # chmod go-r postgres-server.key 2. Edit postgresql.conf ssl = on ssl_cert_file = '/opt/postgres-sec/postgres-server.crt...
Universe from my perspective..