Configuring SSL/TLS for PostgreSQL

Installation and Upgrade > Installing ThingWorx > Security Configuration > TLS Configuration > Configuring SSL/TLS for PostgreSQL

You can configure SSL or TLS for PostgreSQL when using ThingWorx HA Clustering:

Configuring PostgreSQL

1. See the PostgreSQL documentation at https://www.postgresql.org/docs/11/ssl-tcp.html to set up SSL for the PostgreSQL server.

2. Verify that SSL is enabled on the PostgreSQL server:

a. Check that SSL is enabled with psql -c 'show ssl'.

b. If the value of ssl is set to on, you are running with SSL enabled. You can type exit.

3. Verify SSL connections:

a. Use the user, host, and database name from your database.yml to connect to the database:

1 psql -p <port> -h localhost

b. If SSL is enabled and your key has been authenticated, you will see a line like the following in the output:

SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)

Configuring ThingWorx Foundation

Copy the PostgreSQL server certificates to your ThingWorx instance or make sure they are available on the machine where ThingWorx is running.

ThingWorx as a PostgreSQL client has the option to enable SSL. The configuration to enable SSL for model provider can be included in platform-settings.json file. You must append the following to the existing configuration for PostgresPersistenceProviderPackage under ConnectionInformation in the platform-settings.json file:

"PostgresPersistenceProviderPackage": {
"ConnectionInformation": {
"sslMode": "require",
"sslRootCert": "/certs/postgres-rootcert.crt",
}

For more information about the options for sslMode, see https://jdbc.postgresql.org/documentation/head/ssl-client.html.

Was this helpful?