Skip to main content
Version: 2.2.1

TLS configuration with PostgreSQL

This optional procedure is meant for enabling the TLS certificate with PGSQL during the SoftExpert Suite installation. SSL/TLS connections provide a security layer by encrypting data that move between the customer and a database instance. The use of a server certificate provides an extra security layer by validating whether connection is being established in accordance with the database instance.

  1. Access the database server that will be used and check the following parameters in the postgresql_installation_directory/data/postgresql.conf file:
ssl = on
ssl_ca_file = 'certificado_client.crt'
ssl_cert_file = 'certificado_server.crt'
ssl_key_file = 'chave_certificado_server.key'

Given that:

  • certificado_client.crt: The certificate used in the application for connection to the database.
  • certificate_server.crt: The database certificate.
  • chave_certificado_server.key: The database certificate key.

Make sure the certificate files are all in the postgresql_installation_directory/date folder.

  1. Add the following line to the postgresql_installation_directory/data/pg_hba.conf file:
hostssl all all 0.0.0.0/0 md5

  1. Restart the PostgreSQL service.

  2. Access the application server and enter the certificate_client.crt in the sesuite_directory\data\cert path.

  3. After doing that, edit the hosts file, C:\Windows\System32\drivers\etc\hosts, by entering the database IP with the server name, plus the certificate domain:

<databaseip> <databasedns>.softexpert.com
  1. Make sure SoftExpert Suite is stopped.
C:\sesuite\sesuite.ps1 stop
  1. Use the following command to add, edit or delete a database configuration:
C:\sesuite\sesuite.ps1 database

Choose option 5 - Configure TLS.

When this option is chosen, two more options will appear on screen:

  • 1 - Add Database TLS - Option used to configure the TLS certificate that was configured in the database above.

After adding the configuration, you will be able to restart SoftExpert Suite normally.

  • 2 - Remove Database TLS - This option is used in case there already is a configuration.
Last updated on