PostgreSQL has native support for using SSL connections to encrypt client/server communications for increased security. See Section 16.7 for details about the server-side SSL functionality.
If the server demands a client certificate, libpq will send the certificate stored in file ~/.postgresql/postgresql.crt within the user's home directory. A matching private key file ~/.postgresql/postgresql.key must also be present, and must not be world-readable. (On Microsoft Windows these files are named %APPDATA%\postgresql\postgresql.crt and %APPDATA%\postgresql\postgresql.key .)
If the file ~/.postgresql/root.crt is present in the user's home directory, libpq will use the certificate list stored therein to verify the server's certificate. (On Microsoft Windows the file is named %APPDATA%\postgresql\root.crt .) The SSL connection will fail if the server does not present a certificate; therefore, to use this feature the server must have a server.crt file. Certificate Revocation List (CRL) entries are also checked if the file ~/.postgresql/root.crl exists ( %APPDATA%\postgresql\root.crl on Microsoft Windows).
If you are using
inside your application (in addition to inside
), you can use
library has already been initialized by your application.