Note: download PEM file from AWS: https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem
On the manager server, using a shell:
- Create a directory under /var/cache/intigua/ called: .postgresql
- Download from AWS the certificate called 'rds-combined-ca-bundle.pem' into the manager newly created directory: /var/cache/intigua/.postgresql
- Run the command openssl x509 -outform der -in rds-combined-ca-bundle.pem -out rds-combined-ca-bundle.der
- Run the command keytool -keystore /opt/jdk/jdk1.8.0_191/jre/lib/security/cacerts -alias postgresql -import -file rds-combined-ca-bundle.der
When asked the default password is: changeit
Location of the cacerts my differ based on the excat location of the JRE/JDK installation
- Edit intigua.properties (usually under: /usr/share/tomcat/default/conf/)
directory) as following:
db.url=jdbc:postgresql://<AWS RDS HOST> :5432/intiguadb?ssl=true&sslrootcert=/var/cache/intigua/postgresql/rds-combined-ca-bundle.pem&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full
db.password= <THE PASSWORD GIVEN>
db.username= postgres
where intiguadb stands for the name of the database. If different change it.
- Stop and start tomcat
Comments
0 comments
Please sign in to leave a comment.