Install PostgreSQL
https://www.cherryservers.com/blog/how-to-configure-ssl-on-postgresql
dnf update
dnf module list postgresql
dnf install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
dnf -qy module disable postgresql
dnf install postgresql14 postgresql14-server -y
/usr/pgsql-14/bin/postgresql-14-setup initdb
systemctl start postgresql-14
systemctl enable postgresql-14
systemctl status postgresql-14
ss -pnltu | grep 5432
sudo su
su - postgres
psql
ALTER USER postgres WITH PASSWORD 'YOUR@PASSWORD';
\q
exit
certificate
cd /var/lib/pgsql/14/data
openssl genrsa -aes128 2048 > server.key
ls -l | grep server.key
openssl rsa -in server.key -out server.key
chmod 400 server.key
chown postgres.postgres server.key
openssl req -new -key server.key -days 365 -out server.crt -x509 -addext "subjectAltName = DNS:postgresql.trac.local"
cp server.crt root.crt
Edit postgresql.conf
nano /var/lib/pgsql/14/data/postgresql.conf
listen_addresses = '*'
max_connections = 300
shared_buffers = 128MB
ssl = on
ssl_ca_file = 'root.crt'
ssl_cert_file = 'server.crt'
ssl_crl_file = ''
ssl_key_file = 'server.key'
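ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers (PostgreSQL's default list; it still admits MEDIUM and 3DES suites, so consider restricting it to 'HIGH:!aNULL')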
ssl_prefer_server_ciphers = on
Edit pg_hba.conf
nano /var/lib/pgsql/14/data/pg_hba.conf
hostssl all all 192.168.3.82/32 scram-sha-256
hostssl all all 192.168.3.83/32 scram-sha-256
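# Caution: pg_hba.conf uses the first matching line, and "host" matches connections with or without SSL.
# A non-SSL connection from these two addresses skips the hostssl lines above and is accepted by "trust"
# with no password, so the two lines below cancel the TLS and scram-sha-256 requirement. Remove them, or
# replace them with "hostnossl ... reject", if unencrypted passwordless access is not intended.
host all all 192.168.3.82/32 trust
host all all 192.168.3.83/32 trust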
systemctl restart postgresql-14
firewall-cmd --add-service=postgresql --permanent
firewall-cmd --reload
psql -U postgres -p 5432 -h postgresql.trac.local
for PrivX Server Connection
yum install ca-certificates
update-ca-trust force-enable
copy server.crt to /etc/pki/ca-trust/source/anchors/
update-ca-trust extract
create user
sudo -u postgres createuser <username>