Connecting to PostgreSQL/PgBouncer using TLS
Connecting to PostgreSQL/PgBouncer using TLS provides secure and encrypted data transfer between client and server. This option is available starting from CodeScoring version.
To connect to PostgreSQL/PgBouncer using TLS
- Before starting the system, place certificate and key files in the `ssl` directory in the system installation files;
- Give the files self-explanatory names, e.g. `pgbouncer_server.crt`, `pgbouncer_server.key`; Important: the extension of the certificate files must be `crt`;
- Change the owner of the key files as follows:
- Uncomment and edit your SSL/TLS configuration files.
Example of how to enable PostgreSQL/PgBouncer in TLS mode with self-signed certificates
- Generate certificates in the `ssl` directory in the system installation files using the `mkcert` utility
- Change key file owners
- Copy the SSL/TLS configuration templates
- Uncomment and edit the following lines in the configuration file `postgres/pgbouncer_tls_include.ini`

  ```ini
  client_tls_sslmode = require
  client_tls_ca_file = /usr/local/share/ca-certificates/pgbouncer_server.crt
  client_tls_key_file = /usr/local/share/ca-certificates/pgbouncer_server.key
  client_tls_cert_file = /usr/local/share/ca-certificates/pgbouncer_server.crt
  server_tls_sslmode = require
  server_tls_ca_file = /usr/local/share/ca-certificates/postgresql_server.crt
  ```
- Uncomment and edit the following lines in the configuration file `postgres/postgresql_ssl_include.conf`
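
The following audit script is an added example, not CodeScoring code: it parses the PgBouncer TLS settings shown above and reports modes that leave TLS optional or, like `require`, encrypt without validating the peer certificate (PgBouncer's `verify-ca` and `verify-full` modes do validate it). The function names and finding texts are assumptions made for the example.

```python
# Added example: audits PgBouncer TLS settings; not CodeScoring's code.
VERIFYING = {"verify-ca", "verify-full"}             # peer certificate is validated
PLAINTEXT_POSSIBLE = {"disable", "allow", "prefer"}  # TLS is off or optional
# The settings shown on this page for postgres/pgbouncer_tls_include.ini.
PAGE_CONFIG = """\
client_tls_sslmode = require
client_tls_ca_file = /usr/local/share/ca-certificates/pgbouncer_server.crt
client_tls_key_file = /usr/local/share/ca-certificates/pgbouncer_server.key
client_tls_cert_file = /usr/local/share/ca-certificates/pgbouncer_server.crt
server_tls_sslmode = require
server_tls_ca_file = /usr/local/share/ca-certificates/postgresql_server.crt
"""


def parse_settings(text):
    """Return {key: value}; lines starting with ';' or '#' are comments."""
    settings = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in ";#[" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return (setting, finding) tuples for the TLS settings in text."""
    s, findings = parse_settings(text), []
    for side in ("client", "server"):
        key, mode = f"{side}_tls_sslmode", s.get(f"{side}_tls_sslmode")
        if mode is None:
            findings.append((key, "not set, so this file does not enforce TLS"))
        elif mode in PLAINTEXT_POSSIBLE:
            findings.append((key, f"{mode}: unencrypted connections are possible"))
        elif mode == "require":
            findings.append((key, "require: encrypted, peer certificate not validated"))
        elif mode not in VERIFYING:
            findings.append((key, f"{mode}: unknown sslmode"))
        elif f"{side}_tls_ca_file" not in s:
            findings.append((key, f"{mode}: {side}_tls_ca_file is not set"))
    if s.get("client_tls_sslmode") not in (None, "disable"):
        findings += [(k, "required when client TLS is enabled")
                     for k in ("client_tls_key_file", "client_tls_cert_file") if k not in s]
    # The crt extension rule is the requirement stated on this page.
    findings += [(k, "certificate file extension must be crt") for k, v in s.items()
                 if k.endswith(("_tls_cert_file", "_tls_ca_file")) and not v.endswith(".crt")]
    return findings


if __name__ == "__main__":
    print(*(f"{k}: {v}" for k, v in audit(PAGE_CONFIG)), sep="\n")
```

Run against the page's settings, it reports both `require` modes; with `server_tls_sslmode = verify-full` the server-side finding disappears.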