堆栈内存溢出
  简体   繁体   English

如何配置基于x509客户端证书的身份验证以连接到基于AWS RDS的PostgreSQL

[英]How to configure x509 client certificate based authentication to connect to AWS RDS based PostgreSQL

 原文  2018-12-13 10:46:11       postgresql/ amazon-web-services/ security/ ssl/ x509

问题描述

We want to enforce encryption-in-motion for connecting to our PostgreSQL database hosted in Amazon AWS RDS. 我们想要强制执行动态加密,以连接到Amazon AWS RDS中托管的PostgreSQL数据库。 We followed the steps given here: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.SSL 我们遵循了此处给出的步骤: https : //docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.SSL

After doing the steps we are able to connect to the database with a command given below where we are using the root certificate provided by AWS: 完成这些步骤后,我们可以使用下面提供的命令连接到数据库,其中使用的是AWS提供的根证书: 

    psql -h mydb.ckpjohsjh7j8.us-east-1.rds.amazonaws.com -p 5432 "dbname=mydb user=root password=mypassword sslrootcert=rds-combined-ca-bundle.pem sslmode=verify-full"

However, we are also able to connect without specifying the "sslrootcert" or "sslmode" parameters as seen in command below: 但是,我们也可以在不指定“ sslrootcert”或“ sslmode”参数的情况下进行连接,如以下命令所示: 

    psql -h mydb.ckpjohsjh7j8.us-east-1.rds.amazonaws.com -p 5432 "dbname=mydb user=root password=mypassword"

This means that x509 client certificate validation is not enabled for AWS RDS. 这意味着未为AWS RDS启用x509客户端证书验证。 I suppose there must be some way to generate my own private key and csr to get a public key signed by AWS or some way to configure customer provided private, public key. 我想必须有某种方式来生成我自己的私钥和csr,以获取由AWS签名的公钥,或者某种方式来配置客户提供的私钥,公钥。 I searched the AWS documentation but could not locate any reference on how to enable it. 我搜索了AWS文档,但找不到有关如何启用它的任何参考。

Could you please guide me on how to configure "enforcement" of x509 client certificate based authentication to connect to AWS RDS based PostgreSQL database? 您能否指导我如何配置基于x509客户端证书的身份验证的“强制”以连接到基于AWS RDS的PostgreSQL数据库?

Kind regards, Shashi 亲切的问候,沙市

1 个解决方案

解决方案1
 0  2018-12-20 14:27:20

We contacted AWS support and got confirmation that RDS currently does not support configuring user generated, provided private on database server that could be used with corresponding signed public key. 我们联系了AWS支持人员,并得到RDS当前不支持配置用户生成的确认,条件是数据库服务器上的私有数据可以与相应的已签名公钥一起使用。 It's in their product backlog. 在他们的产品积压中。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS Aurora PostgreSQL - x509:由未知机构签署的证书 - AWS Aurora PostgreSQL - x509: certificate signed by unknown authority 使用 x509 证书登录 PostgreSQL - PostgreSQL login with x509 certificate 不提供证书的AWS RDS Postgresql Connect - AWS RDS Postgresql Connect Without Providing Certificate PostgreSQL pq打开不成功:x509:证书由未知授权机构签名 - PostgreSQL pq Open not successful: x509: certificate signed by unknown authority AWS PostgreSQL RDS 服务器证书、客户端证书和客户端私钥在哪里? - Where is the AWS PostgreSQL RDS Server certificate, client certificate & client private key? 如何通过AWS RDS在没有“数据库”名称的情况下连接到PostgreSQL DB - How to connect to PostgreSQL DB without a “database” name from AWS RDS 使用AWS Lambda和Golang连接到AWS RDS PostgreSQL - Connect to AWS RDS PostgreSQL with AWS Lambda and Golang 无法使用 AWS RDS 在生产中连接到 postgresql - Not able to connect to postgresql in production, using AWS RDS 如何配置从 Vanilla Postgresql 9.6 DB 到 AWS RDS Postgresql 的流复制 - How to configure stream replication from Vanilla Postgresql 9.6 DB to AWS RDS Postgresql AWS RDS:如何连接到实例 - AWS RDS: How to Connect to Instance
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM