Generate files on the server machine

AWS Mainframe Modernization - Data Replication for IBM i

Copyright: 2024
First publish date: 2003
Last updated: 2024-02-01
Published on: 2024-02-01T23:02:31.099696

  1. Open a command console session. Create a private key and certificate signing request (CSR) by typing a command similar to the following at the command prompt:

    openssl req -newkey rsa:2048 -nodes -keyout postgresql.key -out postgresql.csr

     Press Enter to generate a key file named postgresql.key.

  2. Type responses to the prompts that correspond to your country, state, locality, city, company, organization, common name, and email address. The certificate common name (CN) must be set to the database user name used to connect to PostgreSQL on the client. Leave the password and optional company name blank.

  3. Convert the generated key file from PEM format to PKCS8 format by typing the following command at the command prompt:

    openssl pkcs8 -topk8 -inform PEM -outform DER -in postgresql.key -out postgresql.pk8 -nocrypt

     Press Enter to generate a converted key file named postgresql.pk8.

  4. Grant read permission on the key file for the group by typing the following command at the command prompt:

    chmod 640 postgresql.pk8

     Press Enter.

  5. Generate a signed client certificate from the trusted root.crt and server.key in the PostgreSQL data directory by typing the following command at the command prompt:

    openssl x509 -req -in postgresql.csr -CA root.crt -CAkey server.key -out postgresql.crt -CAcreateserial -outform pem

     Press Enter.

  6. Verify the client certificate, postgresql.crt, with the trusted root certificate by typing the following command at the command prompt:

    openssl verify -CAfile root.crt -purpose sslclient postgresql.crt

     Press Enter.

  7. Copy root.crt (trusted root certificate), postgresql.crt (client certificate), and postgresql.key (private key) to the client machine: pgadmin %appdata%\postgresql for Windows or pgadmin ~/.postgresql/ for Linux.

  8. Change the file permissions for postgresql.key to restrict access to just you.

  9. Delete the root.crt (trusted root certificate), postgresql.crt (client certificate), and postgresql.key (private key) files from the server /tmp/ directory.

  10. Open a command console session and navigate to the Connect CDC kernel directory on the client machine, which by default is <Precisely_Connect_Install>\ConnectCDCV57\kernel.

  11. Extract the PostgreSQL.properties file from Omni.jar to the kernel folder using the Java jar utility by typing the following commands at the command prompt:

    jar xf Omni.jar omnienterprise/gdbc/PostgresSQL.properties
    mv omnienterprise/gdbc/PostgresSQL.properties .

  12. Using a text editor, open PostgreSQL.properties for editing and change the value of the JDBC URL parameter to include the TLS encryption parameters, similar to the following:

    url=jdbc:postgresql://%HOST:%PORT/%SERVER?ssl=true&autosave=always&sslmode=verify-full&sslcert={location of client certificate}&sslkey={location of private key}&sslrootcert={location of trusted root certificate}

     Using sslmode=verify-full is recommended for the highest level of security. See https://www.postgresql.org/docs/9.1/libpq-ssl.html (Protection Provided in Different Modes) for a description of the other options and the trade-offs between security and performance.
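
The requirements stated in steps 2 through 6 can be checked in one pass before the files are copied to the client. The script below is an added example, not part of the original procedure or the product. The function names and the user name cdcuser are assumptions, and `make_demo_files` builds constructed stand-ins for root.crt and server.key so the check can be run offline.

```shell
#!/bin/sh
# Added example: verify the client TLS files created in steps 1-6.

# Build constructed demo files in directory $1 for database user $2.
# Steps 1, 3, 4 and 5 run non-interactively (-subj replaces the prompts);
# root.crt and server.key are constructed stand-ins for the server's files.
make_demo_files() (
    cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout server.key \
        -out root.crt -subj "/CN=demo-root" -days 1 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -keyout postgresql.key \
        -out postgresql.csr -subj "/CN=$2" 2>/dev/null &&
    openssl pkcs8 -topk8 -inform PEM -outform DER -in postgresql.key \
        -out postgresql.pk8 -nocrypt &&
    chmod 640 postgresql.pk8 &&
    openssl x509 -req -in postgresql.csr -CA root.crt -CAkey server.key \
        -out postgresql.crt -CAcreateserial -outform pem 2>/dev/null
)

# Check the files in directory $1 for database user $2; returns 0 if all pass.
check_client_tls_files() (
    cd "$1" || exit 1
    rc=0
    fail() { echo "FAIL: $1" >&2; rc=1; }
    # Step 6: the certificate chains to root.crt and is valid for client auth.
    openssl verify -CAfile root.crt -purpose sslclient postgresql.crt \
        >/dev/null 2>&1 || fail "postgresql.crt does not verify against root.crt"
    # Step 2: the CN must equal the database user name.
    cn=$(openssl x509 -in postgresql.crt -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= //p')
    [ "$cn" = "$2" ] || fail "certificate CN '$cn' is not '$2'"
    # Step 3: the PKCS8 DER key must belong to the certificate's public key.
    key_pub=$(openssl pkey -inform DER -in postgresql.pk8 -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in postgresql.crt -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] ||
        fail "postgresql.pk8 does not match postgresql.crt"
    # Step 4: mode 640 leaves no permission bits for "other".
    [ "$(ls -l postgresql.pk8 | cut -c8-10)" = "---" ] ||
        fail "postgresql.pk8 is accessible to other users"
    exit "$rc"
)

# Demo run on constructed files; cdcuser is a made-up user name.
demo=$(mktemp -d)
make_demo_files "$demo" cdcuser && check_client_tls_files "$demo" cdcuser &&
    echo "all checks passed"
rm -rf "$demo"
```

To check real files, call `check_client_tls_files` with the directory that holds root.crt, postgresql.crt and postgresql.pk8 and with the database user name.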