IBM Security Identity Governance and Intelligence, Version 5.2.3.1

The PostgreSQL database SSL certificate

When you select the SSL option for the PostgreSQL database, or when you configure the database in a FIPS-enabled virtual appliance, a self-signed certificate is created by default.

To list the default certificate, select Configure > Certificates in the virtual appliance dashboard. The certificate is listed in the Certificate Stores pane with the Postgres database key store name.

If you do not want to use the default certificate, you can upload your personal certificate. In this case, you must replace the self-signed certificate with your personal certificate. You must also import your personal certificate in the Signer certificate of the Identity Governance and Intelligence key store.

To upload your personal certificate, follow these steps:
  1. In the Certificate Stores pane, select Postgres database key store and click Edit.
  2. Select dbcert and click Update.

    The Import Certificate window is displayed.

  3. In this window, enter the file name, a label, and a password, and select the type. Click Save.
  4. In the Certificate Stores pane, select Identity Governance and Intelligence key store and click Edit.
  5. Select the Signer tab and click Import.

    The Import Certificate window is displayed.

  6. In this window, enter the file name and a label, and click Save.
If you run a cluster and you upload your personal certificate on the secondary node where the slave database runs, you must also take these steps:
  1. Import your personal certificate in the Signer certificate of the Identity Governance and Intelligence key store of the primary node.
  2. Synchronize all nodes.
Parent topic: Managing the PostgreSQL database