Preparing for an SSL connection with PostgreSQL database

You need to prepare your environment to set up an SSL connection between the Content Engine and the PostgreSQL database server.

About this task

There are two types of PostgreSQL SSL configuration:

Traditional password authentication with a driver that automatically retrieves the certificate.
Certificate-based authentication.

PostgreSQL supports certificate-based authentication for increased security of your connections. Certificate-based authentication is only available for SSL connections. Instead of a password, the client must provide a valid certificate.

The verification level of the connection depends on the SSL mode (sslmode), as described in the following table.

Table 1. SSL modes
sslmode	Eavesdropping protection	MITM protection	Description
require	Yes	No	Network ensures that you always connect to the server you want.
verify-ca	Yes	Depends on the Certificate Authority (CA) policy	Network ensures you connect to a server you trust.
verify-full	Yes	Yes	Network ensures that you connect to the trusted server that you specify.

If you want to use an SSL connection with your PostgreSQL database, you must import the SSL certificate from the database server. You can then configure an SSL-enabled connection to GCD and object store databases that use PostgreSQL.

Your PostgreSQL provider might have different terms or controls for the following steps. Consult the documentation for your provider for more information.