Preparing for a password-based SSL connection

You need to prepare your environment to set up an SSL connection between the Content Engine and the PostgreSQL database server.

About this task

Both traditional and containerized Content Platform Engine deployments support password-based SSL connection with PostgreSQL database server.

If you want to use an SSL connection with your PostgreSQL database, you must import the SSL certificate from the database server. You can then configure an SSL-enabled connection to GCD and object store databases that use PostgreSQL.

Your PostgreSQL provider might have different terms or controls for the following steps. Consult the documentation for your provider for more information.

Procedure

Follow the steps to if you plan to enable SSL communication between Content Platform Engine and PostgreSQL server for a traditional deployment:

  1. On your PostgreSQL provider, enable SSL connection based on traditional password authentication.
  2. Verify the SSL connection for your PostgreSQL provider.
    1. Verify the SSL connection for the server.
      You can use the following command to verify the SSL connection and enter the password when prompted:
      psql -U your_username -h your_host -d your_database
    2. Verify the SSL setting from your PSQL tool.
      You can use the following command to verify the setting:
      SHOW ssl;
      When the output for the command shows on, it means that SSL is enabled on the server.
  3. On your PostgreSQL provider, generate a root certificate or a server Certificate Authority (CA) certificate.
  4. Download the root certificate. 
    root.crt
  5. In the Content Platform Engine client machine, install the certificate file that you downloaded from the server in a folder of your choice.

What to do next

Based on your deployment type, choose one of the following tasks: