snippetsqlMajor
How to examine PostgreSQL server's SSL certificate?
Viewed 0 times
postgresqlcertificateexaminehowserverssl
Problem
Suppose there is a PostgreSQL server running and it has SSL enabled. Using "standard" Linux and PostgreSQL tools, how can I examine its SSL certificate?
I'm hoping for output similar to what you would get from running
I do not have access to the PostgreSQL server, so I cannot look at its configuration files directly.
I do not have a superuser login, so I can't get the value of the
Using
From a quick look at the
I'm hoping for output similar to what you would get from running
openssl x509 -text .... And I'm hoping for a one- or two-liner command line answer so I don't have to resort to running a packet sniffer.I do not have access to the PostgreSQL server, so I cannot look at its configuration files directly.
I do not have a superuser login, so I can't get the value of the
ssl_cert_file setting and then pg_read_file on it.Using
openssl s_client -connect ... doesn't work because PostgreSQL doesn't seem to want to do the SSL handshake right away.From a quick look at the
psql documentation, I could not find a command-line parameter that makes it show that information on startup. (Though it does show me certain cipher information.)Solution
It looks like OpenSSL's
References:
s_client tool added Postgres support using the -starttls in 1.1.1, so you can now use the full power of OpenSSL's command line tools without additional helper scripts:openssl s_client -starttls postgres -connect my.postgres.host:5432 # etc...References:
- Git commit
- s_client manpage
Code Snippets
openssl s_client -starttls postgres -connect my.postgres.host:5432 # etc...Context
StackExchange Database Administrators Q#108710, answer score: 34
Revisions (0)
No revisions yet.