How to Provision a PostgreSQL VDB with SSL Enabled (KBA8907)
KBA
KBA# 8907Applicable Delphix Versions
- Click here to view the versions of the Delphix engine to which this article applies
-
Major Release All Sub Releases 6.0 6.0.0.0, 6.0.1.0, 6.0.1.1, 6.0.2.0, 6.0.2.1, 6.0.3.0, 6.0.3.1, 6.0.4.0, 6.0.4.1, 6.0.4.2, 6.0.5.0, 6.0.6.0, 6.0.6.1, 6.0.7.0, 6.0.8.0, 6.0.8.1, 6.0.9.0, 6.0.10.0, 6.0.10.1, 6.0.11.0, 6.0.12.0, 6.0.12.1, 6.0.13.0
How to Task
This article describes how to provision a PostgreSQL VDB with SSL enabled.
Prerequisites
Follow the instructions in this article to create a private key and a signed server certificate (Section 17.9.3. Creating Certificates https://www.postgresql.org/docs/9.5/ssl-tcp.html ). By default these should be placed in the PostgreSQL server's "data" directory and are typically named server.crt and server.key. You may place them in other directories and use the PostgreSQL configuration parameters ssl_cert_file and ssl_key_file to specify their name and location.
To Provision the VDB with SSL Enabled
Complete the following procedure to provision the PostgreSQL VDB with SSL enabled.
- After completing the prerequisite steps and copying the private key and server certificate to their desired locations, click on the timeline of your dSource and start provisioning a VDB from one of the snapshots.
- On the "Target Configuration" section of the VDB provisioning wizard, add the following three "Custom Database-Level config settings":
ssl - The primary SSL configuration property should be "on" or "off".
ssl_cert_file - The name and location of the SSL server certificate.
ssl_key_file - The name and location of the SSL private key.
- After successfully provisioning the VDB, try connecting to it with the "psql" utility. A successful connection will echo "SSL connection" details to the terminal.
$ psql -p 5477 -U delphix -h nealpostgres.acme.com postgres psql (11.2) SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off) Type "help" for help. postgres=# show ssl; ssl ----- on
You can also run the "show ssl" command to confirm what the property is set to as illustrated above.
Related Articles
The following articles may provide more information or related information to this article:
- Refer to PostgreSQL documentation (Section 17.9.3. Creating Certificates https://www.postgresql.org/docs/9.5/ssl-tcp.html ) for detailed instructions on creating the SSL private key and server certificate.