TLS configuration with PostgreSQL
This optional procedure enables a TLS certificate with PostgreSQL during the SoftExpert Suite installation. SSL/TLS connections provide a security layer by encrypting data that moves between the client and a database instance. Using a server certificate provides an extra security layer by validating that the connection is being established with the intended database instance.
- Access the database server that will be used and check the following parameters in the postgresql_installation_directory/data/postgresql.conf file:
ssl = on
ssl_ca_file = '<certificado_client.crt>'
ssl_cert_file = '<certificado_server.crt>'
ssl_key_file = '<chave_certificado_server.key>'
Given that:
certificado_client.crt: The certificate used in the application for connection to the database.
certificado_server.crt: The database certificate.
chave_certificado_server.key: The database certificate key.
Make sure the certificate files are all in the postgresql_installation_directory/data folder.
- Add the following line to the postgresql_installation_directory/data/pg_hba.conf file:
hostssl all all 0.0.0.0/0 md5
- Restart the PostgreSQL service.
- Access the application server and place the certificado_client.crt file in the sesuite_directory\data\cert path.
- After doing that, edit the hosts file, C:\Windows\System32\drivers\etc\hosts, by entering the database IP with the server name, plus the certificate domain:
<databaseip> <databasedns>.softexpert.com
- Make sure SoftExpert Suite is stopped.
C:\sesuite\sesuite.ps1 stop
- Use the following command to add, edit or delete a database configuration:
C:\sesuite\sesuite.ps1 database
Choose option 5 - Configure TLS.
When this option is chosen, two more options will appear on screen:
- 1 - Add Database TLS - Option used to configure the TLS certificate that was configured in the database above.
After adding the configuration, you will be able to restart SoftExpert Suite normally.
- 2 - Remove Database TLS - This option is used when a configuration already exists.
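
A check for the database-server steps above, as an added example that is not part of the original procedure or of SoftExpert's tooling: it reads the text of postgresql.conf and pg_hba.conf and reports missing TLS settings, plus any non-loopback host or hostnossl record, which PostgreSQL still matches for unencrypted connections even when a hostssl line is present. The function names and the sample file contents are constructed for illustration.

```python
REQUIRED = ("ssl_ca_file", "ssl_cert_file", "ssl_key_file")
LOOPBACK = {"127.0.0.1/32", "::1/128", "localhost"}

def parse_conf(text):
    """Return {name: value}, last assignment wins (assumes no '#' or '=' inside values)."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *rest = line.replace("=", " ", 1).split(None, 1)
            settings[name.lower()] = rest[0].strip().strip("'") if rest else ""
    return settings

def audit(postgresql_conf, pg_hba_conf):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    conf = parse_conf(postgresql_conf)
    if conf.get("ssl", "off").lower() not in ("on", "true", "yes", "1"):
        findings.append("postgresql.conf: ssl is not enabled")
    findings += [f"postgresql.conf: {n} is not set" for n in REQUIRED if not conf.get(n)]
    has_hostssl = False
    for num, line in enumerate(pg_hba_conf.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank line, comment, or incomplete record
        if fields[0] == "hostssl":
            has_hostssl = True
        elif fields[0] in ("host", "hostnossl") and fields[3] not in LOOPBACK:
            # 'host' matches TLS and non-TLS connections; 'hostnossl' only non-TLS
            findings.append(f"pg_hba.conf line {num}: '{fields[0]}' record for "
                            f"{fields[3]} accepts connections without TLS")
    if not has_hostssl:
        findings.append("pg_hba.conf: no hostssl record")
    return findings

# Constructed sample files (not taken from a real server).
SAMPLE_CONF = """\
ssl = on
ssl_ca_file = 'certificado_client.crt'
ssl_cert_file = 'certificado_server.crt'
ssl_key_file = 'chave_certificado_server.key'
"""
SAMPLE_HBA = """\
host    all all 127.0.0.1/32  md5
host    all all 10.0.0.0/8    md5
hostssl all all 0.0.0.0/0     md5
"""
if __name__ == "__main__":
    print(*audit(SAMPLE_CONF, SAMPLE_HBA), sep="\n")
```

To run it against a real server, pass the contents of the two files from the data folder to audit() in place of the samples.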