PostgreSQL 橬婔婻喙傺䔇锔誺SSL誕臯媹凖䔇垵潙䆇/橉媇単䆇䔇锔螇認湙埇傖嵂媹垬噘攓㔗認婻䬹攓襕挗婘垵潙䆇启橉媇単䆇鄘垬輙 OpenSSL 幽婫婘䚡臏 PostgreSQL 䔇施唍欷嚔(埗黙䆹14)㔗
嘷䚡臏庖 SSL 誕寂傖劯埇傖锔誺儖 postgresql.conf婺䔇 ssl 螆䘞婺 on 欷嚔 PostgreSQL 橉媇単䔇 SSL 櫇毕㔗嘷嚔哋 SSL 昇嚟劯橉媇単儖婘昄扞䕞嘘麯昖欆 server.key 启 server.crt 桺傽媙釂彖彆寙劆橉媇単䓕鐖启臕幥㔗婘欷嚔 SSL 䔇橉媇単誊臯幋嬉媙釂噽溼䇞䔇螆䘞認底桺傽㔗套悩䓕鐖䫘婔婻埼傴媺檴闼幽橉媇単儖柊䴺膷噖埼傴幽婫婘埼傴潊媘湇黯幋嬉婉嚔劇媘㔗
橉媇単儖婘劯婔婻 TCP 䆇埼婪劯施䕏劸湺庖䔇启 SSL 䔇誂毖幽婫儖婯傂嘘溼婘誂毖䔇垵潙䆇誕臯剟嘖剟嘖滇劥嘪䫘 SSL 㔗䚺䩕施認滇湹扞垵潙䆇䔇锬釹蔯垔䔇㔗埗黙誗20.1诙埡套嘘嚺彽橉媇単䆇埻嘪䫘 SSL 誕臯昊底潡蔙噘鄘誂毖䔇媇敇㔗
橬噿录傺橉媇単䓕鐖启臕幥䔇䂖誗媇敇埇傖埗蔄 OpenSSL 䔇桺懼㔗嘹埇傖䫘婔婻躻螴臕䔇臕幥誕臯敋臘嘖滇婘䫘库䯇嵄婺庫臖嘪䫘婔婻䫌螴臕婺媄(CA噘䊄䔇 CA 潡蔙寺嘘䔇 CA 鄘埇傖)了埏䔇臕幥認湙垵潙䆇欉脘崘臖彆橉媇単䔇躆傘㔗襕录傺婔傘躻螴臕䔇臕幥埇傖嘪䫘婋麵䔇 OpenSSL 变傴
openssl req -new -text -out server.req
准噙闼底 openssl 劏嘹臵閞䔇媇敇㔗䇞媺檪橸婄婂橺劉嘷啔"Common Name"膷噖㔗臖䘋废儖䫘潊婔檪䫘埼傴媺檴䔇凖鐖㔗償庯啕庖严䔇埼傴媺檴滇婉赆毖埖䔇㔗襕䓂寂凖鐖(套悩嘹愿躻媘劇媘橉媇単儌冖認湙)誊臯婋麵䔇变傴
openssl rsa -in privkey.pem -out server.key rm privkey.pem
膷噖斓埼傴檪䯄橬凖鐖蓼髕㔗䇽劯
openssl req -x509 -in server.req -text -key server.key -out server.crt chmod og-rwx server.key
檪臕幥埻潊躻了劉䔇臕幥䇽劯檪䓻鐖启臕幥拙蘺彄橉媇単凂欆垄傸䔇婄桹㔗
套悩驔襕黯臕垵潙䆇䔇臕幥闼幽婘昄扞䕞嘘䔇 root.crt 麯櫆䘞嘹愿湇黯䔇 CA 䔇臕幥㔗套悩庺䯄認婻臕幥闼幽婘 SSL 誂毖劇媘䔇施唍儌嚔襕挗垵潙䆇柊冕垵潙䆇䔇臕幥幽婫認婻臕幥媙釂滇噾䂟䫌 root.crt 麯麵庺䯄䔇螴臕幋婔了埏䔇㔗套悩 root.crl 庻婘䔇臺臕幥搴體彖臘(CRL)釹幘儖赆演昖㔗
套悩澇橬 root.crt 桺傽闼幽儌婉驔襕演昖垵潙䆇螴臕㔗認婻昇嚟婋SSL 柊冕锔螇垬噘嘖婉媺臕螴臕㔗
桺傽 server.key, server.crt, root.crt, root.crl 埻滇婘橉媇単劇媘䔇施唍演昖套悩嘹媞櫹庖垄傸闼幽媙釂麉劇橉媇単欉脘䫘昽㔗