pg_autoctl enable ssl — pg_autoctl enable ssl
pg_autoctl enable ssl — Enable SSL configuration on this node
It is possible to manage Postgres SSL settings with the pg_autoctl command, both at pg_autoctl_create_postgres time and then again to change your mind and update the SSL settings at run-time.
usage: pg_autoctl enable ssl [ --pgdata ] [ --json ] --pgdata path to data directory --ssl-self-signed setup network encryption using self signed certificates (does NOT protect against MITM) --ssl-mode use that sslmode in connection strings --ssl-ca-file set the Postgres ssl_ca_file to that file path --ssl-crl-file set the Postgres ssl_crl_file to that file path --no-ssl don't enable network encryption (NOT recommended, prefer --ssl-self-signed) --server-key set the Postgres ssl_key_file to that file path --server-cert set the Postgres ssl_cert_file to that file path
Location of the Postgres node being managed locally. Defaults to the environment variable PGDATA. Use --monitor to connect to a monitor from anywhere, rather than the monitor URI used by a local Postgres node managed with pg_autoctl.
Generate SSL self-signed certificates to provide network encryption. This does not protect against man-in-the-middle kinds of attacks. See security for more about our SSL settings.
SSL Mode used by pg_autoctl when connecting to other nodes, including when connecting for streaming replication.
Set the Postgres ssl_ca_file to that file path.
Set the Postgres ssl_crl_file to that file path.
Don't enable network encryption. This is not recommended, prefer --ssl-self-signed.
Set the Postgres ssl_key_file to that file path.
Set the Postgres ssl_cert_file to that file path.
Copyright (c) Microsoft Corporation. All rights reserved.