PostgreSQL database connection for WebSphere Application Server

IBM Content Navigator supports connections to a PostgreSQL database on WebSphere® Application Server using Non-SSL, SSL with password-based authentication, or SSL with certificate-based authentication.

Prerequisites

Before you configure the PostgreSQL database connection, ensure that you have completed the following tasks:

Created a PostgreSQL database for IBM Content Navigator. For more information, see Creating a PostgreSQL database for IBM Content Navigator.
Installed the PostgreSQL JDBC driver on the IBM Content Navigator server.
If you plan to use SSL connections, obtained the necessary SSL certificates from your database administrator.
Gathered the required connection parameters. For more information, see the worksheet for your configuration type.

About PostgreSQL authentication methods

You can configure IBM Content Navigator to connect to PostgreSQL using one of the following authentication methods:

SSL connection

Modes

sslmode=require - Requires SSL but does not verify the server certificate
sslmode=verify-ca - Requires SSL and verifies the server certificate against a trusted CA
sslmode=verify-full - Requires SSL, verifies the server certificate, and checks that the server hostname matches the certificate

Authentication types

SSL with password-based authentication

Encrypted connection by using SSL with username and password credentials. This method provides secure data transmission while using standard password authentication.

Connection URL format:

jdbc:postgresql://hostname:port/database_name?ssl=true&sslmode=require

Example: jdbc:postgresql://localhost:5432/ICNDB?ssl=true&sslmode=require

SSL with certificate-based authentication

Encrypted connection by using SSL with client certificates for authentication. This method provides the highest level of security by using certificate-based authentication in addition to encryption.

Connection URL format:

jdbc:postgresql://hostname:port/database_name?ssl=true&sslmode=verify-full

Additional parameters required:

sslcert - Path to the client certificate file
sslkey - Path to the client private key file
sslrootcert - Path to the root certificate file
sslpassword - Password for the private key (if encrypted)

PostgreSQL with SSL certificate-based authentication is supported for both IBM Content Navigator databases and Content Platform Engine global configuration database (GCD) and object store databases.

Non-SSL connection

Standard connection without encryption. Use this method for development or testing environments where security is not a primary concern.

Connection URL format:

jdbc:postgresql://hostname:port/database_name

Example: jdbc:postgresql://localhost:5432/ICNDB

Configuration requirements

To configure a PostgreSQL connection for IBM Content Navigator, you need the following information:

SSL certificates (for SSL connections)

For SSL with password-based authentication using verify-ca or verify-full modes:

PostgreSQL server certificate must be added to the WebSphere Application Server truststore
Root certificate file path

For SSL with certificate-based authentication:

Client certificate and private key imported into a keystore
Client certificate file path
Client private key file path
Root certificate file path
Private key password (if encrypted)

JDBC driver files

The PostgreSQL JDBC driver file, typically named postgresql-version.jar. This file must be accessible to the application server.

Connection parameters

Database hostname or IP address
Port number (default is 5432)
Database name
Database username and password

Configuring the connection

Use the IBM Content Navigator Configuration and Deployment Tool to configure the PostgreSQL connection. The tool creates the JDBC provider and data source with the appropriate settings for your chosen authentication method.

For information about the parameters required by the Configuration and Deployment Tool, see the worksheet for your database configuration.

Tip: When configuring SSL connections, ensure that you select the appropriate SSL mode based on your security requirements and certificate availability.

Verification

After you configure the PostgreSQL database connection, IBM Content Navigator can connect to the PostgreSQL database by using the specified authentication method.

To verify the connection:

Test the data source connection in the WebSphere Application Server administrative console.
For SSL connections, verify that the SSL mode is correctly configured in the connection URL.
For certificate-based authentication, verify that the client certificate is properly configured in the WebSphere Application Server SSL settings.
Check the WebSphere and PostgreSQL server logs for any connection errors.

Post-configuration tasks

After you configure the database connection, complete the following tasks:

Run the database configuration script to create the IBM Content Navigator tables. For more information, see Running the script to configure your database for IBM Content Navigator.
Restart the WebSphere Application Server server.
Verify that IBM Content Navigator can connect to the database by logging in to the administration console.

Tip: For more information about PostgreSQL SSL configuration, see Configuring an SSL connection for PostgreSQL External link opens a new window or tab