Table of Contents Previous Next


12 Appendix B - Configuring SSL Authentication on a Failover Manager Cluster

1.
Place a server.crt and server.key file in the data directory (under your Advanced Server installation). You can purchase a certificate signed by an authority, or create your own self-signed certificate. For information about creating a self-signed certificate, see the PostgreSQL core documentation at:
2.
Modify the postgresql.conf file on each database within the Failover Manager cluster, enabling SSL:
After modifying the postgresql.conf file, you must restart the server.
3.
Modify the pg_hba.conf file on each node of the Failover Manager cluster, adding the following line to the beginning of the file:
4.
After placing the server.crt and server.key file in the data directory, convert the certificate to a form that Java understands; you can use the command:
keytool -keystore $JAVA_HOME/lib/security/cacerts -alias alias_name -import -file server.crt.der
$JAVA_HOME is the home directory of your Java installation.
alias_name can be any string, but must be unique for each certificate.
You can use the keytool command to review a list of the available certificates or retrieve information about a specific certificate. For more information about using the keytool command, enter:
6.
Modify the efm.properties file on each node within the cluster, setting the jdbc.sslmode property.

12 Appendix B - Configuring SSL Authentication on a Failover Manager Cluster

Table of Contents Previous Next