PostgreSQL - TLS |
This section will display the configuration procedure for TLS certificates in PostgreSQL.
This optional procedure works to enable the TLS certificate with PGSQL when SoftExpert Suite is being installed, both in Windows Server and in Linux. SSL/TLS connections work as a security layer encrypting data that moves between the client and a database instance. The use of a server certificate provides an extra security layer, validating whether the connection is made along the database instance.
To configure the TLS certificate in PostgreSQL, perform the following steps:
1.Access the database server that will be used and check the following parameters in the <postgresql_installation_directory>/data/postgresql.conf file:
Given that: ▪<client_certificate.crt>: The certificate signed by the CA used in the application to connect to the database. ▪<server_certificate.crt>: The database certificate. ▪<server_certificate_key.key>: The database certificate key. Make sure all certificate files are in the <postgresql_installation_directory>/data folder.
2.Execute the following commands to add permissions to the files:
3.Add the following row to the <postgresql_installation_directory>data/pg_hba.conf file:
4.Restart the PostgreSQL service.
5.Access the application server and insert the <client_certificate.crt> in the /usr/local/se/cert path.
6.Execute the procedure to configure the equalization. On Linux, it is necessary to create the tag in the database_config.xml file:
7.Once done, edit the hosts file by entering the database IP with the server name and the certificate domain:
8.Equalize the database and the configuration will be ready!
|