Skip to main content
Delphix

How to Provision a PostgreSQL VDB with SSL Enabled (KBA8907)

 

KBA

KBA# 8907

Applicable Delphix Versions

Click here to view the versions of the Delphix engine to which this article applies
Major Release All Sub Releases
6.0 6.0.0.0, 6.0.1.0, 6.0.1.1, 6.0.2.0, 6.0.2.1, 6.0.3.0, 6.0.3.1, 6.0.4.0, 6.0.4.1, 6.0.4.2, 6.0.5.0, 6.0.6.0, 6.0.6.1, 6.0.7.0, 6.0.8.0, 6.0.8.1, 6.0.9.0, 6.0.10.0, 6.0.10.1, 6.0.11.0, 6.0.12.0, 6.0.12.1, 6.0.13.0

How to Task

This article describes how to provision a PostgreSQL VDB with SSL enabled.

Prerequisites

Follow the instructions in this article to create a private key and a signed server certificate (Section 17.9.3. Creating Certificates  https://www.postgresql.org/docs/9.5/ssl-tcp.html ). By default these should be placed in the PostgreSQL server's "data" directory and are typically named server.crt and server.key. You may place them in other directories and use the PostgreSQL configuration parameters ssl_cert_file and ssl_key_file to specify their name and location.

To Provision the VDB with SSL Enabled

Complete the following procedure to provision the PostgreSQL VDB with SSL enabled.

  1. After completing the prerequisite steps and copying the private key and server certificate to their desired locations, click on the timeline of your dSource and start provisioning a VDB from one of the snapshots.
  2. On the "Target Configuration" section of the VDB provisioning wizard, add the following three "Custom Database-Level config settings":

    ssl - The primary SSL configuration property should be "on" or "off".
    ssl_cert_file - The name and location of the SSL server certificate.
    ssl_key_file - The name and location of the SSL private key.

    PostgreSQL_VDB_SSL.png
     
  3. After successfully provisioning the VDB, try connecting to it with the "psql" utility. A successful connection will echo "SSL connection" details to the terminal.
    $ psql -p 5477 -U delphix  -h nealpostgres.acme.com postgres
    psql (11.2)
    SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
    Type "help" for help.
    
    postgres=# show ssl;
     ssl 
    -----
     on

You can also run the "show ssl" command to confirm what the property is set to as illustrated above.

Related Articles

The following articles may provide more information or related information to this article: