PostgreSQL - TLS |
This section will display the configuration procedure for TLS certificates in PostgreSQL.
This optional procedure works to enable the TLS certificate with PGSQL when SoftExpert Suite is being installed, both in Windows Server and in Linux. SSL/TLS connections work as a security layer encrypting data that moves between the client and a database instance. The use of a server certificate provides an extra security layer, validating whether the connection is made along the database instance.
To configure the TLS certificate in PostgreSQL, perform the following steps:
1.Access the database server that will be used and check the following parameters in the <postgresql_installation_directory>/data/postgresql.conf file:
Given that: ▪<client_certificate.crt>: The certificate used in the application to connect to the database. ▪<server_certificate.crt>: The database certificate. ▪<server_certificate_key.key>: The database certificate key. Make sure all certificate files are in the <postgresql_installation_directory>/data folder.
2.Add the following row to the <postgresql_installation_directory>data/pg_hba.conf file:
3.Restart the PostgreSQL service.
4.Access the application server and insert the <client_certificate.crt> in the <sesuite_directory>\cert path.
5.Once done, edit the C:\Windows\System32\drivers\etc\hosts hosts file by entering the database IP with the server name and the certificate domain:
6.Execute SoftExpert Configurator and configure the data according to the database.
7.Check the "Certificate" option, selecting the <client_certificate.crt> file, and equalize the database.
The configuration is ready!
|