Securing PostgreSQL client with SSL/TLS on RHEL6

Updated -

Securing postgresql (postgresql-8.4.20-8.el6_9) that uses openssl

This article is part of the Securing Applications Collection

There are a number of ways to specify the requirement for a secured connection at the client end.

The first involves providing a connection string using connection parameters.

    psql " dbname=postgres user=postgres sslmode=verify-full sslrootcert=$HOME/"

The alternate method is to utilise the service name mechanism by placing details in the service file.


in .INI format with a logical name for the service


and then connection with the service name parameter

    $ psql "service=mypg6"
    psql (8.4.20)
    SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
    Type "help" for help.


Authority Certificate File

The authority file is specified directly via the sslrootcert parameter, or placed at in


Should contain the root certificate that signed the server's certificate.


Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.