
Using an external truststore and keystore for postgres


I am trying to enable SSL for Postgres 10. Rather than specifying a ca file, though, I would like to use a truststore.jks and keystore.p12 that is given to me. Postgres and our communicating services are each in their own docker container. The services are able to share the truststore and keystore by having them in a shared volume mount and using the basic Java commands on startup:

-Djavax.net.ssl.trustStore=${TRUSTSTORE_NAME}

However, postgres doesn't work the same way (to my knowledge). It has the following properties in the postgresql.conf:

ssl = on
ssl_cert_file = '/server.crt'
ssl_key_file = '/server.key'
ssl_ca_file = '/root.crt'
ssl_crl_file = '/ssl.crl'

This will work if I have access to those certs. However, I don't want to point to specific certs, because they will already be in the truststore and I will not know their alias - I want to instead say "use this truststore that I am giving you". Is this possible?


Solution

  • Java KeyStore (*.jks) is a Java-specific format and PostgreSQL is not written in Java, so that alone disqualifies your truststore+keystore configuration.

    As for PKCS12 (*.p12 file extension), while it's a platform-independent standard, I've only ever seen it used in relation to PostgreSQL with various clients (most notably JDBC-based) and never to supply certificates to the server.

    Taking all that into account, OP, you'll unfortunately have to extract the certificates and use them directly.
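Following that advice, here is an added example (not from the answerer, not part of PostgreSQL) of extracting the PEM files PostgreSQL's ssl_* settings expect from a keystore.p12 and truststore.jks with openssl and keytool, without knowing the truststore aliases up front. The function names, the KEYSTORE_PASS/TRUSTSTORE_PASS variables and the output paths are assumptions.

```shell
#!/bin/sh
# Added example: turn keystore.p12 + truststore.jks into the server.crt,
# server.key and root.crt files that postgresql.conf points at.
# Assumes openssl (PKCS#12 side) and keytool from a JDK (JKS side) on PATH,
# and store passwords in KEYSTORE_PASS / TRUSTSTORE_PASS.
set -eu

# Pull the server certificate and its private key out of the PKCS#12 keystore.
# server.key is set to 0600: PostgreSQL refuses to start if the key file is
# group- or world-readable while owned by the server user.
extract_server_pem() {            # $1 = keystore.p12  $2 = output dir
    openssl pkcs12 -in "$1" -passin "pass:${KEYSTORE_PASS}" \
        -clcerts -nokeys -out "$2/server.crt"
    openssl pkcs12 -in "$1" -passin "pass:${KEYSTORE_PASS}" \
        -nocerts -nodes -out "$2/server.key"
    chmod 0644 "$2/server.crt"
    chmod 0600 "$2/server.key"
}

# Export every trusted certificate in the JKS truststore into one PEM bundle.
# ssl_ca_file accepts a concatenated bundle, so aliases are read back from
# `keytool -list` instead of being known in advance (the OP's concern).
extract_ca_bundle() {             # $1 = truststore.jks  $2 = output dir
    : > "$2/root.crt"
    keytool -list -keystore "$1" -storepass "${TRUSTSTORE_PASS}" 2>/dev/null \
        | awk -F, '/trustedCertEntry/ { print $1 }' \
        | while IFS= read -r alias; do
            keytool -exportcert -rfc -keystore "$1" \
                -storepass "${TRUSTSTORE_PASS}" -alias "$alias" >> "$2/root.crt"
        done
    chmod 0644 "$2/root.crt"
}

# Count PEM certificates in a file, so the export can be verified.
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# Emit the postgresql.conf lines that reference the extracted files.
pg_ssl_conf() {                   # $1 = directory holding the PEM files
    printf "ssl = on\nssl_cert_file = '%s/server.crt'\n" "$1"
    printf "ssl_key_file = '%s/server.key'\nssl_ca_file = '%s/root.crt'\n" "$1" "$1"
}
```

Run the extraction as the user PostgreSQL runs as (or chown the files to it afterwards), because the 0600 check is tied to file ownership; in the shared-volume setup this means doing it once at container start before the server comes up.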