| First, as the database administrator (shown here as "postgres"), verify the following settings: |
$ sudo su - postgres
$ psql -c "select name,
case when setting = '' then '' when substring(setting, 1, 1) = '/' then setting else (select setting from pg_settings where name = 'data_directory') || '/' || setting end as setting from pg_settings where name in ('ssl_ca_file', 'ssl_cert_file', 'ssl_crl_file', 'ssl_key_file');"
If the directory in which these files are stored is not protected, this is a finding.