Thread

  1. Re: encrypted pk8 keys work with libpg connection but not in postgres_fdw

    Dave Cramer <davecramer@postgres.rocks> — 2024-12-01T14:25:17Z

    Please post this on https://github.com/pgjdbc/pgjdbc/issues
    Dave Cramer
    www.postgres.rocks
    
    
    On Wed, 10 Jul 2024 at 11:29, Hunter Payne <huntercpayne@proton.me> wrote:
    
    > Hello,
    > I am using mtls ssl encryption with postgres.  It works and even accepts
    > an encrypted pk8 file.  I found two things that perhaps will help your team
    > out.
    >
    >
    >    1. The pk8 file must use this flag on the openssl pkcs8 command to
    >    generate the pk8 file -v1 pbeWithSHA1And3-KeyTripleDES-CBC and the
    >    PgJDBC docs are wrong about this and state to use -v1 PBE-MD5-DES
    >    which doesn't work.  I think the docs just weren't updated when the
    >    encryption was updated at some point in the past.
    >    2. When I use postgres_fdw to make the same JDBC connection it only
    >    works if I use an unencrypted pk8 file to hold the sslkey.
    >
    >
    > I am using postgres in the alpine docker container (16.3-alpine3.20).
    > Please let me know if and when this changes and I can use encrypted pk8
    > files to hold keys in postgres_fdw too.
    >
    > Thank you,
    > Hunter
    >
    >
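An added example, not part of the original thread and not PgJDBC or PostgreSQL code: a small DER reader that reports whether a .pk8 file is unencrypted or which password-based encryption scheme it carries, so the two -v1 options named above can be told apart on an existing file. The function names (read_tlv, decode_oid, pk8_protection) are hypothetical and the sample bytes are constructed, with dummy salt and ciphertext.

```python
# Added example (not PgJDBC/PostgreSQL code): how is a DER .pk8 file protected?
PBE_NAMES = {
    "1.2.840.113549.1.12.1.3": "pbeWithSHA1And3-KeyTripleDES-CBC",
    "1.2.840.113549.1.5.3": "pbeWithMD5AndDES-CBC (PBE-MD5-DES)",
    "1.2.840.113549.1.5.13": "PBES2",
}

def read_tlv(buf, pos):  # -> (tag, value_start, value_end)
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def decode_oid(body):
    subs, value = [], 0
    for byte in body:  # base-128 sub-identifiers, high bit = "more follows"
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subs.append(value)
            value = 0
    if not subs:
        raise ValueError("empty OID")
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def pk8_protection(der):
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not DER PKCS#8 (convert PEM to DER first)")
    tag, inner, _ = read_tlv(der, start)
    if tag == 0x02:  # INTEGER version comes first: plain PrivateKeyInfo
        return "unencrypted"
    oid_tag, oid_start, oid_end = read_tlv(der, inner)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not a PKCS#8 EncryptedPrivateKeyInfo")
    oid = decode_oid(der[oid_start:oid_end])
    return PBE_NAMES.get(oid, "unknown scheme, OID " + oid)

# Constructed samples: dummy salt and ciphertext, no real key material.
SAMPLE_3DES = bytes.fromhex("3028301c060a2a864886f70d010c0103300e040801020304050607080202080004080000000000000000")
SAMPLE_MD5DES = bytes.fromhex("3027301b06092a864886f70d010503300e040801020304050607080202080004080000000000000000")
SAMPLE_PLAIN = bytes.fromhex("3016020100300d06092a864886f70d01010105000402" "0000")
```

For a real file, pass `open(path, "rb").read()` of the DER-encoded key to `pk8_protection`.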