Skip to main content

Setting Up SSL Connection to PostgreSQL Databases

This chapter describes how to enable SSL protection for remote PostgreSQL-database connections.

The instructions in this chapter should be run after you have created the PostgreSQL database and user for Key Manager use, and before you configure the Key Manager Server (before running ssh-mgr-setup).

Configuring Key Manager Servers to use SSL connections involves the following procedures:

  • Creating or obtaining SSL certificates

  • Configuring PostgreSQL to receive SSL connections from Key Manager Servers.

  • Configuring Key Manager Servers to use SSL when connecting to the database.

The procedures are detailed in the sections of this appendix.

note

This chapter provides instructions for setting up SSL connectivity with self-signed certificates. If your corporation uses an external CA, you should request the necessary certificates from your corporate CA, instead of creating them yourself.

For more information about setting up PostgreSQL with external CA certificates, please see the official PostgreSQL documentation.