Overview
This guide describes how to configure TLS encryption between the JetPatch Manager and a PostgreSQL database hosted on AWS RDS, ensuring secure communication between the two services.
Note: Download the AWS RDS PEM certificate from:
Steps
- Create the certificate directory on the manager server:
    mkdir -p /var/cache/intigua/.postgresql
- Download the AWS RDS combined CA bundle into the newly created directory:
    # Download rds-combined-ca-bundle.pem into /var/cache/intigua/.postgresql
- Convert the certificate from PEM to DER format:
    openssl x509 -outform der -in rds-combined-ca-bundle.pem -out rds-combined-ca-bundle.der
- Import the certificate into the Java keystore:
    keytool -keystore /opt/jdk/jdk1.8.0_191/jre/lib/security/cacerts -alias postgresql -import -file rds-combined-ca-bundle.der

  Notes:
  • When prompted for a password, enter the default: changeit
  • The path to cacerts may differ depending on the exact location of your JRE/JDK installation.
- Edit intigua.properties (usually located at /usr/share/tomcat/default/conf/) and update the following properties:
    db.url=jdbc:postgresql://<AWS_RDS_HOST>:5432/intiguadb?ssl=true&sslrootcert=/var/cache/intigua/.postgresql/rds-combined-ca-bundle.pem&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full
    db.password=<PASSWORD>
    db.username=postgres

  Note: intiguadb is the default database name. If your database has a different name, update it in the db.url value accordingly.
- Stop and start Tomcat to apply the changes:
    systemctl stop tomcat
    systemctl start tomcat
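
A check worth running after editing intigua.properties, as an added example that is not part of the original guide or JetPatch's own code: it confirms that db.url uses sslmode=verify-full and that sslrootcert points at a readable PEM bundle containing certificates. The helper names, the host db.example.invalid and the sample certificate bodies are constructed for illustration.

```sh
#!/bin/sh
# Added example (not JetPatch code): audit the TLS settings in db.url.
# url_param, check_db_tls and make_props are hypothetical helper names.

# Print the value of query parameter $2 from the db.url line of file $1.
url_param() {
    sed -n 's/^db\.url=//p' "$1" | head -n 1 | sed 's/^[^?]*?//' |
        tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Return 0 only if db.url enforces certificate and hostname verification
# against a readable, non-empty PEM bundle.
check_db_tls() {
    mode=$(url_param "$1" sslmode)
    root=$(url_param "$1" sslrootcert)
    if [ "$mode" != "verify-full" ]; then
        echo "FAIL: sslmode=${mode:-unset}; only verify-full checks CA chain and hostname"
        return 1
    fi
    if [ -z "$root" ] || [ ! -r "$root" ]; then
        echo "FAIL: sslrootcert ${root:-unset} is missing or unreadable"
        return 1
    fi
    # A combined bundle holds several CAs; "openssl x509" reads only the first
    # certificate of its input, so the count here can exceed what the .der holds.
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$root" || true)
    if [ "$count" -eq 0 ]; then
        echo "FAIL: $root contains no PEM certificates"
        return 1
    fi
    echo "OK: sslmode=verify-full, $count CA certificate(s) in $root"
}

# Constructed sample input: placeholder host and fake certificate bodies.
demo_dir=$(mktemp -d)
for i in 1 2; do
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----'
done > "$demo_dir/bundle.pem"
make_props() {  # $1 = sslmode value; writes a properties file, prints its path
    printf 'db.url=jdbc:postgresql://db.example.invalid:5432/intiguadb?ssl=true&sslrootcert=%s&sslmode=%s\n' \
        "$demo_dir/bundle.pem" "$1" > "$demo_dir/$1.properties"
    echo "$demo_dir/$1.properties"
}
check_db_tls "$(make_props verify-full)" || true
check_db_tls "$(make_props require)" || true
```

On a manager server, call `check_db_tls /usr/share/tomcat/default/conf/intigua.properties` (adjusting the path to where your intigua.properties lives) before restarting Tomcat.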