I have an Nginx/Gunicorn/Django web server and PostgreSQL database server that I only want to access using SSL. I've purchased, installed, and configured a certificate on my web server from a certificate authority and so now my users can only access my website via HTTPS and it's working fine. Now I'd like to implement secure two-way communications between my web server and database server over SSL. Since the only machine talking to my database server will be my web server, will it be OK from a security standpoint to generate my own private key and certificate using the openssl command ("self-signing") or should I get a free one from somewhere like letsencrypt.org?
Viewed 739 times
1 Answer
0
There is nothing inherently wrong with using self-signed certificates as long as the signer is trusted. You should take care to manage your key as with any certificate. Since there won't be a chain, it may be more difficult to determine if the certificate has changed, but this, again, should be something that you pay attention to anyway.
It would help to know what database server you are using in case there is any certificate checking that you may need to be aware of.
Edit after Postgres clarification:
I don't use Postgres, but it doesn't seem like you will have any issues. Below is a link to their documentation on how to set it up.

icsmith
I've edited my question to indicate I'm using PostgreSQL. – Jim Feb 08 '17 at 22:09
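As an added example (not part of the original answer or of the PostgreSQL documentation): a small Python check of the libpq TLS options that a Django `DATABASES` entry passes to PostgreSQL, showing that a self-signed certificate only authenticates the server when the client is told to trust and verify it. The host name and file paths are constructed placeholders, and `audit_db_tls` is a hypothetical helper.

```python
# Added example: audit the TLS options Django hands to libpq (via psycopg2).
# Host names and file paths are constructed placeholders, not real values.

# libpq sslmode values, weakest to strongest.
SSLMODES = ["disable", "allow", "prefer", "require", "verify-ca", "verify-full"]


def audit_db_tls(db, require_client_cert=True):
    """Return a list of findings for one Django DATABASES entry."""
    opts = db.get("OPTIONS", {})
    mode = opts.get("sslmode", "prefer")  # libpq default when unset
    if mode not in SSLMODES:
        return [f"unknown sslmode {mode!r}"]
    findings = []
    if SSLMODES.index(mode) < SSLMODES.index("require"):
        findings.append(f"sslmode={mode}: connection may fall back to plaintext")
    elif mode == "require":
        findings.append("sslmode=require: encrypted, but server identity is not verified")
    elif mode == "verify-ca":
        findings.append("sslmode=verify-ca: signer is checked, host name is not")
    # With a self-signed server certificate, that certificate itself is the
    # trust anchor the client must be given.
    if mode in ("verify-ca", "verify-full") and not opts.get("sslrootcert"):
        findings.append("sslrootcert not set: trust anchor comes from ~/.postgresql/root.crt")
    # Two-way TLS: the web server presents its own certificate and key.
    if require_client_cert and not (opts.get("sslcert") and opts.get("sslkey")):
        findings.append("sslcert/sslkey not set: no explicit client certificate")
    return findings


# Constructed sample: encrypted, but any certificate would be accepted.
WEAK = {
    "ENGINE": "django.db.backends.postgresql",
    "HOST": "db.internal.example",
    "OPTIONS": {"sslmode": "require"},
}

# Constructed sample: self-signed server certificate pinned as the root.
HARDENED = {
    "ENGINE": "django.db.backends.postgresql",
    "HOST": "db.internal.example",  # must match the name in the server certificate
    "OPTIONS": {
        "sslmode": "verify-full",
        "sslrootcert": "/etc/ssl/pg/server.crt",
        "sslcert": "/etc/ssl/pg/web-client.crt",
        "sslkey": "/etc/ssl/pg/web-client.key",
    },
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_db_tls(cfg) or "ok")
```

The server side still has to request and verify the client certificate for the connection to be authenticated in both directions; this check only covers the client options.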