Configuring SSL/TLS for PostgreSQL
You can configure SSL or TLS for PostgreSQL when using ThingWorx HA Clustering:
Configuring PostgreSQL
1. See the PostgreSQL documentation at https://www.postgresql.org/docs/11/ssl-tcp.html to set up SSL for the PostgreSQL server.
2. Verify that SSL is enabled on the PostgreSQL server:
a. Check that SSL is enabled with psql -c 'show ssl'.
b. If the value of ssl is set to on, you are running with SSL enabled. You can type exit.
3. Verify SSL connections:
a. Use the user, host, and database name from your database.yml to connect to the database:
1 psql -p <port> -h localhost
b. If SSL is enabled and your key has been authenticated, you will see a line like the following in the output:
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Configuring ThingWorx Foundation
Copy the PostgreSQL server certificates to your ThingWorx instance or make sure they are available on the machine where ThingWorx is running.
ThingWorx as a PostgreSQL client has the option to enable SSL. The configuration to enable SSL for model provider can be included in platform-settings.json file. You must append the following to the existing configuration for PostgresPersistenceProviderPackage under ConnectionInformation in the platform-settings.json file:
"PostgresPersistenceProviderPackage": {
"ConnectionInformation": {
"sslMode": "require",
"sslRootCert": "/certs/postgres-rootcert.crt",
}
For more information about the options for sslMode, see https://jdbc.postgresql.org/documentation/head/ssl-client.html.
Was this helpful?