Force PostgreSQL clients to use SSL?

ssl = on only enables the possibility of using SSL.

To ensure that all clients are using SSL, add hostssl lines in pg_hba.conf, e.g.,

hostssl  all  all  0.0.0.0/0  md5

and remove all host lines. (Well, maybe keep the ones for localhost.)

If the desire is to force the client to send a certificate, then md5 has to be changed to cert. e.g.,

hostssl  all  all  0.0.0.0/0  cert

No, that simply enables the use of SSL. You need to also make the appropriate changes to your pg_hga.conf file.

Tags:

Postgresql

Recent Posts