

8 Replacing SSL Certificates

On a Windows host, you can use the Services applet to stop the PEM agent. The PEM agent service is named Postgres Enterprise Manager Agent; highlight the service name in the Services dialog, and click Stop the service.
2. Take a backup of the existing SSL keys and certificates. The SSL keys and certificates are stored in the /data directory under your PEM installation. For example, the default location on a Linux system is:
creates a backup of the ca_certificate file with the word old appended to the entry.
3. Use the openssl_rsa_generate_key() function to generate the ca_key.key file.
After creating the ca_key.key file, cat the contents to the variable CA_KEY for use when generating the ca_certificate.crt file and modify the privileges on the ca_key.key file.
4. Use the key to generate the ca_certificate.crt file. For simplicity, place the SQL query into a temporary file with a unique name:
Modify the permissions of the ca_certificate.crt file, and remove the temporary file that contained the SQL command:
5. Re-use the ca_certificate.crt file as the root.crt file:
6. Use the openssl_rsa_generate_crl() function to create the certificate revocation list (root.crl).
7. Use the openssl_rsa_generate_key() function to generate the server.key file.
After creating the server.key file, cat the contents to the variable SSL_KEY for use when generating the server.crt file and modify the privileges on the server.key file.
8. Use the SSL_KEY to generate the server certificate. Save the certificate in the server.crt file. For simplicity, place the SQL query into a temporary file with a unique name:
Then, generate the server.crt file:
Modify the privileges on the server.crt file, and delete the temporary file:
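
One way to check the result of steps 2 through 8 is sketched below. This is an added example, not part of the PEM documentation: it uses only the file names given in the steps, takes the data directory as an argument, and assumes that private keys should be readable by their owner only and that the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: post-replacement checks on the files named in the steps above.
# Call check_pem_ssl with the PEM data directory; the directory is the caller's
# choice and is not taken from the page.

# Assumption: private keys carry no group/other permission bits (owner-only).
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Step 5 re-uses ca_certificate.crt as root.crt, so the two must be identical.
root_matches_ca() {
    cmp -s "$1/ca_certificate.crt" "$1/root.crt"
}

# server.crt must verify against the new root.crt.
cert_chains_to_root() {
    openssl verify -CAfile "$1/root.crt" "$1/server.crt" >/dev/null 2>&1
}

# server.key must be the private half of the public key inside server.crt.
# Empty output (unreadable file) counts as a failure, never as a match.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/server.crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run every check, report each failure, return non-zero if any check failed.
check_pem_ssl() {
    dir=$1
    rc=0
    for k in ca_key.key server.key; do
        key_is_private "$dir/$k" ||
            { echo "FAIL: $k is missing or accessible to group/other"; rc=1; }
    done
    root_matches_ca "$dir" ||
        { echo "FAIL: root.crt differs from ca_certificate.crt"; rc=1; }
    cert_chains_to_root "$dir" ||
        { echo "FAIL: server.crt does not verify against root.crt"; rc=1; }
    key_matches_cert "$dir" ||
        { echo "FAIL: server.key does not match server.crt"; rc=1; }
    return "$rc"
}
```

PostgreSQL also accepts a root-owned server.key with mode 0640; the owner-only check here is stricter and would flag that layout.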
