Configure PostgreSQL server to use TLS - Connect_CDC - aws_mainframe_modernization_service - connect_cdc_mimix_share - Latest

Connect CDC Getting Started Guide

Product type
Software
Portfolio
Integrate
Product family
Connect
Product
Connect > Connect CDC (MIMIX Share)
Version
Latest
Language
English
Product name
Connect CDC
Title
Connect CDC Getting Started Guide
Copyright
2024
First publish date
2003
Last edition
2024-07-19
Last publish date
2024-07-19T23:32:53.515937

To perform PostgreSQL certificate validation, you must configure PostgreSQL to start in SSL mode and create or move several files in the server’s data directory as indicated in the procedure below. Instructions for the server configuration are also available on the postgresql.org website.

  1. Move or create files containing the server certificate and private key in the server data directory. By default, these files are named server.crt and server.key. Additionally, the server references verified certificates included in the trusted root certificate file root.crt and revoked root certificate file root.crl:

    File

    Description

    ssl_cert_file($PGDATA/server.crt)

    The server certificate sent to the client to identify the server.

    ssl_key_file($PGDATA/server.key)

    The server private key that verifies    server certificates sent by the owner of the key

    ssl_ca_file ($PGDATA/root.crt)

    The public certificate of the certificate authority that signed the client certificate which is used to verify that the client certificate can be trusted.

    ssl_crl_file ($PGDATA/root.crl)

    The certificates revoked by certificate authorities    list, which the server checks to deny access when client certificates are in this list.

  2. Set the permissions on server.key to disallow any access to world or group by typing the following command at the command prompt

    chmod 0600 server.key

           and pressing enter.

  3. Using a text editor, open Postgresql.conf for editing, change the SSL parameter value to ON, save the file, and close the editor.

  4. Restart PostgreSQL server to implement the configuration change by typing the following command at the command prompt

    /etc/init.d/postgresql-9.0 restart

           and pressing enter.

  5. If the restart fails, enable the server to read the server key file by taking ownership of the server.key file by typing the following command at the command prompt

chown postgres server.key

       and pressing enter.