TLS configuration with PostgreSQL |
This optional procedure works to enable the TLS certificate with PGSQL when SoftExpert Suite is being installed. SSL/TLS connections work as a security layer, encrypting data that moves between the client and a database instance. The use of a server certificate provides an extra security layer, validating whether the connection is made along the database instance.
To perform this configuration, follow the steps below:
1.Access the database server that will be used and check the following parameters in the /data/postgresql.conf file:
Given that: ▪<client_certificate.crt>: The certificate used in the application to connect to the database. ▪<server_certificate.crt>: The database certificate. ▪<server_certificate_key.key>: The database certificate key.
2.Add the following row to the data/pg_hba.conf file:
3.Restart the PostgreSQL service.
4.Access the application server and insert the <client_certificate.crt> in the \data\cert path.
5.Once done, edit the hosts file, C:\Windows\System32\drivers\etc\hosts, by entering the database IP with the server name and the certificate domain:
6.Make sure SoftExpert Suite is stopped:
Or, if the installation is using another disk, such as D:
7.To add, edit, or delete the database configuration, run the command below:
Or, if the installation is using another disk, such as D:
Choose option "5". By choosing this option, two other options will be displayed on the screen:
1 - Add Database TLS: Used to configure the TLS certificate configured in the database above.
After adding the configuration, you can start SoftExpert Suite as usual.
2 - Remove Database TLS: Used if a configuration already exists.
|