


postgresql

19th chunk of `doc/src/sgml/config.sgml`
 implementing OAuth validators,
        see <xref linkend="oauth-validators" />.
       </para>
      </listitem>
     </varlistentry>
     </variablelist>
     </sect2>

     <sect2 id="runtime-config-connection-ssl">
     <title>SSL</title>

     <para>
      See <xref linkend="ssl-tcp"/> for more information about setting up
      <acronym>SSL</acronym>. The configuration parameters for controlling
      transfer encryption using <acronym>TLS</acronym> protocols are named
      <literal>ssl</literal> for historic reasons, even though support for
      the <acronym>SSL</acronym> protocol has been deprecated.
      In this context, <acronym>SSL</acronym> is used interchangeably with
      <acronym>TLS</acronym>.
     </para>

     <variablelist>
     <varlistentry id="guc-ssl" xreflabel="ssl">
      <term><varname>ssl</varname> (<type>boolean</type>)
      <indexterm>
       <primary><varname>ssl</varname> configuration parameter</primary>
      </indexterm>
      </term>
      <listitem>
       <para>
        Enables <acronym>SSL</acronym> connections.
        This parameter can only be set in the <filename>postgresql.conf</filename>
        file or on the server command line.
        The default is <literal>off</literal>.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-ssl-ca-file" xreflabel="ssl_ca_file">
      <term><varname>ssl_ca_file</varname> (<type>string</type>)
      <indexterm>
       <primary><varname>ssl_ca_file</varname> configuration parameter</primary>
      </indexterm>
      </term>
      <listitem>
       <para>
        Specifies the name of the file containing the SSL server certificate
        authority (CA).
        Relative paths are relative to the data directory.
        This parameter can only be set in the <filename>postgresql.conf</filename>
        file or on the server command line.
        The default is empty, meaning no CA file is loaded,
        and client certificate verification is not performed.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-ssl-cert-file" xreflabel="ssl_cert_file">
      <term><varname>ssl_cert_file</varname> (<type>string</type>)
      <indexterm>
       <primary><varname>ssl_cert_file</varname> configuration parameter</primary>
      </indexterm>
      </term>
      <listitem>
       <para>
        Specifies the name of the file containing the SSL server certificate.
        Relative paths are relative to the data directory.
        This parameter can only be set in the <filename>postgresql.conf</filename>
        file or on the server command line.
        The default is <filename>server.crt</filename>.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-ssl-crl-file" xreflabel="ssl_crl_file">
      <term><varname>ssl_crl_file</varname> (<type>string</type>)
      <indexterm>
       <primary><varname>ssl_crl_file</varname> configuration parameter</primary>
      </indexterm>
      </term>
      <listitem>
       <para>
        Specifies the name of the file containing the SSL client certificate
        revocation list (CRL).
        Relative paths are relative to the data directory.
        This parameter can only be set in the <filename>postgresql.conf</filename>
        file or on the server command line.
        The default is empty, meaning no CRL file is loaded (unless
        <xref linkend="guc-ssl-crl-dir"/> is set).
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-ssl-crl-dir" xreflabel="ssl_crl_dir">
      <term><varname>ssl_crl_dir</varname> (<type>string</type>)
      <indexterm>
       <primary><varname>ssl_crl_dir</varname> configuration parameter</primary>
      </indexterm>
      </term>
      <listitem>
       <para>
        Specifies the name of the directory containing the SSL client
        certificate revocation list (CRL).  Relative paths are relative to the
        data directory.  This parameter can only be set in
  

Title: SSL Configuration Parameters: Enabling SSL, CA File, Certificate File, and CRL Files/Directories
Summary
This section details SSL configuration parameters, including enabling SSL connections (`ssl`), specifying the SSL certificate authority file (`ssl_ca_file`), the SSL server certificate file (`ssl_cert_file`), and the SSL client certificate revocation list file (`ssl_crl_file`) and directory (`ssl_crl_dir`). These parameters control how the server handles SSL/TLS encryption for secure connections. Note that 'SSL' is used interchangeably with 'TLS' in this context.
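
An added example, not part of the PostgreSQL documentation or source: a small auditor that reads `postgresql.conf` text, applies the defaults stated above for the five parameters, resolves relative paths against the data directory, and reports which protections are not in effect. The function names, the sample file and the data directory path are assumptions made for illustration, and boolean parsing is simplified to the full spellings `on`, `true`, `yes` and `1`.

```python
import os
import re

# Defaults as stated in the documentation chunk above.
DEFAULTS = {"ssl": "off", "ssl_ca_file": "", "ssl_cert_file": "server.crt",
            "ssl_crl_file": "", "ssl_crl_dir": ""}
PATH_KEYS = ("ssl_ca_file", "ssl_cert_file", "ssl_crl_file", "ssl_crl_dir")
# name, then "=" or whitespace, then a single-quoted ('' = literal quote) or bare value.
LINE = re.compile(r"^\s*([A-Za-z_][\w.]*)(?:\s*=\s*|\s+)"
                  r"(?:'((?:[^']|'')*)'|([^\s#']+))\s*(?:#.*)?$")
TRUE = {"on", "true", "yes", "1"}  # simplification: prefixes like "t" are not handled

# Constructed sample input, not taken from a real server.
SAMPLE = """\
# TLS settings
ssl = on                       # enable TLS
#ssl_ca_file = 'root.crt'
ssl_cert_file = 'certs/server.crt'
"""


def parse_conf(text):
    """Return the effective SSL settings; a later line overrides an earlier one."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m and m.group(1).lower() in DEFAULTS:
            quoted, bare = m.group(2), m.group(3)
            settings[m.group(1).lower()] = (
                quoted.replace("''", "'") if quoted is not None else bare)
    return settings


def audit(text, data_dir):
    """Return (settings with paths resolved, list of findings)."""
    s = parse_conf(text)
    for key in PATH_KEYS:
        if s[key]:  # relative paths are relative to the data directory
            s[key] = os.path.normpath(os.path.join(data_dir, s[key]))
    findings = []
    if s["ssl"].lower() not in TRUE:
        findings.append("ssl is off: SSL connections are not enabled")
    if not s["ssl_ca_file"]:
        findings.append("ssl_ca_file is empty: client certificates are not verified")
    elif not s["ssl_crl_file"] and not s["ssl_crl_dir"]:
        findings.append("no ssl_crl_file or ssl_crl_dir: no CRL is loaded")
    return s, findings


if __name__ == "__main__":
    print(audit(SAMPLE, "/var/lib/postgresql/data"))
```

On the constructed sample, the only finding is the empty `ssl_ca_file`, because the line that would set it is commented out.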