Using SSL v13.1.4.2

Edit this page

EDB Postgres Advanced Server provides native support for using SSL connections to encrypt client/server communications for increased security. In OCL, it is controlled by setting the sslmode parameter to verify-full or verify-ca, and providing the system with a root certificate to verify against.

Steps of SSL configuration:

  1. Configure the Server and Client Side Certificates; for detailed information about configuring SSL client and server side certificates, refer to the PostgreSQL SSL documentation.

  2. Enable the SSL OCL Connection:

    In an OCL client application, you can enable SSL mode by setting the EDB_ATTR_SSL attribute in Session.

char*sslmode= "verify-full";
       (ub4)EDB_ATTR_SSL, errhp);

EDB_ATTR_SSL is defined in edboci.h header file available in installation directory.

  1. After setting SSL attribute, you can use the OCILogon function to create a connection:

Once the server is authenticated, then the client is ready to pass sensitive data.

For more information about the supported SSL mode options, please see: