Configuring PostgreSQL for TLS
By default, PostgreSQL uses unencrypted connections. For more secure connections, you can enable Transport Layer Security (TLS) support on the PostgreSQL server.
All communication between the edge filer, Drive Connect, and Drive Share/Protect is encrypted. The communication between PostgreSQL running on the primary database server and the secondary replication server is not encrypted by default.
You cannot configure PostgreSQL for TLS if the portal uses a self-signed certificate or if the certificate has expired.
To enable TLS support on PostgreSQL:
- Using SSH, log in as root to the CTERA Portal primary database server.
- Edit the /usr/local/ctera/data/pg_ident.conf file by adding a mapname and system username for your installation:
# MAPNAME SYSTEM-USERNAME PG-USERNAME
ctera /^(.*){DNS}$ postgres
For example, when the DNS name is mycompany.com:
# MAPNAME SYSTEM-USERNAME PG-USERNAME
ctera /^(.*)mycompany\.com$ postgres
Note: Before each period in the DNS name, add a backslash character (\).
- Restart the portal by running the following command:
portal-manage.sh restart
- Using SSH, log in as root to every server in the portal cluster and edit the /usr/local/ctera/data/pg_ident.conf file, making the same changes that were made on the primary database server.
- On the primary database server, run the following command:
postgres-ssl-mode changingSSLMode true
The portal restarts automatically.
If a server is down when the portal restarts, the configuration change is applied automatically when that server next starts, and the server then restarts automatically.
Adding a New Server to the Portal Cluster
If you add a new server to the portal cluster, after connecting the new server to the cluster, log in as root to the new server and edit the /usr/local/ctera/data/pg_ident.conf file as you did on the other servers.
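The following Python sketch is an added example, not CTERA's code: it builds the pg_ident.conf entry from a DNS name with each period escaped, and shows why the escaping matters, since an entry with an unescaped period also maps names outside the domain to postgres. The host names are constructed, the parser assumes unquoted fields, and Python's re module stands in for PostgreSQL's own regular-expression engine.

```python
import re

def map_line(dns_name, mapname="ctera", pg_user="postgres"):
    """Build the pg_ident.conf entry for a DNS name, escaping each period."""
    escaped = dns_name.replace(".", r"\.")
    return f"{mapname} /^(.*){escaped}$ {pg_user}"

def parse_entry(line):
    """Return (mapname, system_username, pg_username); None for comments and blanks."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()          # assumption: fields are unquoted, no embedded spaces
    if len(fields) != 3:
        raise ValueError(f"expected 3 fields: {line!r}")
    return tuple(fields)

def maps_to(line, system_user):
    """PG username the entry yields for system_user, or None when it does not match."""
    _, sys_field, pg_user = parse_entry(line)
    if sys_field.startswith("/"):  # a leading slash marks a regular expression
        return pg_user if re.search(sys_field[1:], system_user) else None
    return pg_user if sys_field == system_user else None

def unescaped_periods(line):
    """Heuristic lint: count periods that are neither escaped nor part of '.*'."""
    entry = parse_entry(line)
    if entry is None or not entry[1].startswith("/"):
        return 0
    return len(re.findall(r"(?<!\\)\.(?![*+?])", entry[1]))

if __name__ == "__main__":
    good = map_line("mycompany.com")
    bad = "ctera /^(.*)mycompany.com$ postgres"   # period left unescaped
    # Constructed names: one inside the domain, one that only resembles it.
    for name in ("node1.mycompany.com", "node1.mycompanyXcom"):
        print(name, "| escaped:", maps_to(good, name), "| unescaped:", maps_to(bad, name))
    print("unescaped periods in bad entry:", unescaped_periods(bad))
```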