Using SSL v16

EDB Postgres Advanced Server provides native support for using SSL connections to encrypt client/server communications for increased security. In OCL, it's controlled by setting the sslmode parameter to verify-full or verify-ca and providing the system with a root certificate to verify against.

Steps of SSL configuration

  1. Configure the server and client-side certificates. For detailed information about configuring SSL client and server-side certificates, refer to the PostgreSQL SSL documentation.

  2. Enable the SSL OCL connection. In an OCL client application, you can enable SSL mode by setting the EDB_ATTR_SSL attribute in Session:

char* sslmode = "verify-full";
retValue = OCIAttrSet((dvoid*)authp,

EDB_ATTR_SSL is defined in the edboci.h header file available in the installation directory.

  1. After setting the SSL attribute, you can use the OCILogon function to create a connection:

Once the server is authenticated, then the client is ready to pass sensitive data.

For more information about the supported SSL mode options, see the PostgreSQL SSL documentation.