Configure PostgreSQL server to use TLS

AWS Mainframe Modernization - Data Replication for IBM i

Copyright: 2024
First publish date: 2003
Last updated: 2024-02-01
Published on: 2024-02-01T23:02:31.099696

To perform PostgreSQL certificate validation, you must configure PostgreSQL to start in SSL mode and create or move several files in the server’s data directory as indicated in the procedure below. Instructions for the server configuration are also available on the postgresql.org website.

  1. Move or create the files containing the server certificate and private key in the server data directory. By default, these files are named server.crt and server.key. Additionally, the server references verified certificates included in the trusted root certificate file root.crt and revoked certificates listed in the certificate revocation list file root.crl:

    | File | Description |
    | --- | --- |
    | ssl_cert_file ($PGDATA/server.crt) | The server certificate sent to the client to identify the server. |
    | ssl_key_file ($PGDATA/server.key) | The server private key, which proves that the server certificate was sent by the owner of the key. |
    | ssl_ca_file ($PGDATA/root.crt) | The public certificate of the certificate authority that signed the client certificate. It is used to verify that the client certificate can be trusted. |
    | ssl_crl_file ($PGDATA/root.crl) | The list of certificates revoked by certificate authorities. The server checks this list and denies access when a client certificate appears in it. |

  2. Set the permissions on server.key to disallow any access to world or group by typing the following command at the command prompt and pressing Enter:

    chmod 0600 server.key

  3. Using a text editor, open postgresql.conf for editing, change the ssl parameter value to on, save the file, and close the editor.

  4. Restart the PostgreSQL server to implement the configuration change by typing the following command at the command prompt and pressing Enter:

    /etc/init.d/postgresql-9.0 restart

  5. If the restart fails, enable the server to read the server key file by making the postgres user the owner of the server.key file. Type the following command at the command prompt and press Enter:

    chown postgres server.key
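A pre-restart check for the procedure above, as an added example that is not part of the original documentation. The function names audit_pgdata and ssl_setting are hypothetical, and the script assumes the default file names server.crt and server.key and a postgresql.conf located in the data directory that is passed in.

```shell
#!/bin/sh
# Added example: audit a PostgreSQL data directory before restarting with TLS.
# Usage: audit_pgdata DATADIR [OWNER]   (OWNER defaults to "postgres")

# Print the effective value of the "ssl" parameter: the last uncommented
# assignment wins, "=" is optional, and the value may be quoted.
ssl_setting() {
  awk '{ sub(/#.*/, "") }
       match($0, /^[ \t]*ssl[ \t]*(=|[ \t])[ \t]*/) {
         v = substr($0, RLENGTH + 1); gsub(/[^A-Za-z0-9]/, "", v); last = tolower(v)
       }
       END { print last }' "$1"
}

# Print one line per problem found; the return status is the problem count,
# so 0 means the directory passed every check.
audit_pgdata() {
  dir=$1; owner=${2:-postgres}; problems=0
  fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

  for f in server.crt server.key; do
    [ -f "$dir/$f" ] || fail "$f is missing from $dir"
  done

  if [ -f "$dir/server.key" ]; then
    # GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$dir/server.key" 2>/dev/null || stat -f '%Lp' "$dir/server.key")
    user=$(stat -c '%U' "$dir/server.key" 2>/dev/null || stat -f '%Su' "$dir/server.key")
    # Any group or world permission bit (octal 077) is too permissive.
    [ $((0$mode & 077)) -eq 0 ] || fail "server.key mode is $mode; run chmod 0600 server.key"
    [ "$user" = "$owner" ] || fail "server.key is owned by $user; run chown $owner server.key"
  fi

  if [ -f "$dir/postgresql.conf" ]; then
    case "$(ssl_setting "$dir/postgresql.conf")" in
      on|true|yes|1) ;;
      *) fail "ssl is not enabled in postgresql.conf" ;;
    esac
  else
    fail "postgresql.conf is missing from $dir"
  fi
  return "$problems"
}
```

Run it as `audit_pgdata "$PGDATA"` before step 4; each FAIL line names the step of the procedure that still needs to be done.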