A possible solution to the impossibility of launching postgres: you should check that the postgres user is still a member of the ssl-cert group. I botched the group membership by mistake and wasn't able to launch the server, with the same error as above.
Restoring the right membership solved the issue (sudo usermod -aG ssl-cert postgres).
As for the permissions on the key, I have this:
root@endor:/var/lib/postgresql/8.3/main# ls -l server*
lrwxrwxrwx 1 root root 36 2008-10-10 15:15 server.crt -> /etc/ssl/certs/ssl-cert-snakeoil.pem
lrwxrwxrwx 1 root root 38 2008-10-10 15:15 server.key -> /etc/ssl/private/ssl-cert-snakeoil.key
and this:
root@endor:/etc/ssl/private# ls -l
total 4
-rw-r----- 1 root ssl-cert 887 2008-10-10 14:53 ssl-cert-snakeoil.key
So it seems that the key is not rw to the world but the symbolic link is. I'm not good enough to know if that is an issue, unfortunately.
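
The two checks from this comment, as an added example that is not part of the original post: a POSIX shell function (assuming GNU or BusyBox stat) that compares the account's groups with the key's group and inspects the mode of the link target rather than of the link. The name check_key_access and its arguments are illustrative.

```sh
# Added example, not from the original comment.
# Usage, with the paths from the listing above:
#   check_key_access /var/lib/postgresql/8.3/main/server.key postgres "$(id -Gn postgres)"
# Returns 0 if the account can read the key target and "other" has no access,
# 1 if permissions or group membership are wrong, 2 if the key is missing.
check_key_access() {
    key=$1; user=$2; user_groups=$3

    # -f follows symlinks, so a dangling server.key link is caught here.
    if [ ! -f "$key" ]; then
        echo "FAIL: $key does not resolve to a regular file"
        return 2
    fi

    # stat -L reports the link target. The lrwxrwxrwx shown on the link itself
    # is not used for access checks on Linux; only the target's mode counts.
    mode=$(stat -L -c '%a' "$key")
    owner=$(stat -L -c '%U' "$key")
    group=$(stat -L -c '%G' "$key")
    perms=$((mode % 1000))        # drop a setuid/setgid/sticky digit if present
    o_user=$((perms / 100))
    o_group=$((perms / 10 % 10))
    o_other=$((perms % 10))

    if [ "$o_other" -ne 0 ]; then
        echo "FAIL: key target is accessible to others (mode $mode)"
        return 1
    fi
    if [ "$owner" = "$user" ] && [ "$o_user" -ge 4 ]; then
        echo "OK: $user owns the key target and can read it"
        return 0
    fi
    # Whole-word match of the key's group in the account's group list.
    case " $user_groups " in
        *" $group "*)
            if [ "$o_group" -ge 4 ]; then
                echo "OK: $user reads the key through group $group"
                return 0
            fi ;;
    esac
    echo "FAIL: $user cannot read key target (owner $owner, group $group, mode $mode)"
    return 1
}
```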