Comments on: Securing Patroni REST API End Points Part 2: Using SSL Certificates
https://www.percona.com/blog/securing-patroni-rest-api-end-points-part-2-using-ssl-certificates/
Mon, 12 Feb 2024 23:30:41 +0000

By: Jobin Augustine
https://www.percona.com/blog/securing-patroni-rest-api-end-points-part-2-using-ssl-certificates/#comment-10973813
Mon, 14 Nov 2022 05:41:39 +0000

Hi Javier,
Thank you for letting me know that you find the article useful.
The idea is to have every entity have its own certificates. For example, each node of the cluster or application server can have its own certificate, which can be verified by Patroni. The easiest approach is to have the same CA sign all the certificates.
When it comes to user authentication at the database level, the CN of the signed certificate should match the username.

By: Javier Pérez Escamilla
https://www.percona.com/blog/securing-patroni-rest-api-end-points-part-2-using-ssl-certificates/#comment-10973812
Thu, 10 Nov 2022 15:28:34 +0000

Excellent. But some questions. For context, in the example above, it mentions that a certificate is used for login using a framework. In this case, I think there is only one certificate for the whole application. Is that true? How to force each user to authenticate using their own certificate? This approach makes all users responsible for control of the certificate and access to the system, and it is the responsibility of the application to maintain most aspects of security. And more: how to enable this behavior in the database, MySQL or PostgreSQL, without a framework and with the framework?
Thanks for sharing.
