SSL connection for PostgreSQL communication

Step 1: Generate SSL certificate for PostgreSQL server

1) Generate a private key

Bash

Sample output:

Bash

Type your desired password / pass phrase to encrypt the private key

2) Remove the pass phrase so that the PostgreSQL server can start up automatically

Bash
Bash

3) Create a self-signed certificate

Bash

You will be prompted to enter detailed information which is incorporated into your self-signed certificate request.

For a self-signed certificate, use the server certificate as the trusted root certificate:

Bash

Copy server.key, server.crt, root.crt to PostgreSQL data folder. For bundled local MetaDefender Core's PostgreSQL:

  • Windows: <Installation folder>\data\pg_data\
  • Linux: /var/lib/ometascan/pg_data/
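
The Step 1 sequence with consistency checks, as an added example that is not taken from this page or from MetaDefender Core's own commands. The function names, output directory, 2048-bit RSA key, 365-day validity and certificate subject are assumptions, and the key is created without a pass phrase in one step instead of being stripped afterwards.

```shell
#!/bin/sh
# Added example: names, key size, validity and subject are assumptions.

# make_pg_certs DIR [CN]: create server.key, server.crt and root.crt in DIR.
make_pg_certs() {
    dir=$1
    cn=${2:-localhost}      # assumption: host name clients connect to
    mkdir -p "$dir" || return 1
    (
        umask 077           # the key file is never created world-readable
        # Unencrypted RSA key, so the server can start unattended.
        openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    ) || return 1
    # PostgreSQL on Linux refuses a key readable by group or others.
    chmod 600 "$dir/server.key" || return 1
    # Self-signed certificate built from that key (constructed subject).
    openssl req -new -x509 -key "$dir/server.key" -days 365 \
        -subj "/CN=$cn" -out "$dir/server.crt" 2>/dev/null || return 1
    # Self-signed case: the server certificate doubles as the trusted root.
    cp "$dir/server.crt" "$dir/root.crt"
}

# check_pg_certs DIR: return 0 only if the three files are consistent.
check_pg_certs() {
    dir=$1
    # 1) The certificate must carry the public key of server.key.
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ] || return 1
    # 2) The certificate must verify against root.crt.
    openssl verify -CAfile "$dir/root.crt" "$dir/server.crt" >/dev/null 2>&1 || return 1
    # 3) Group and other permission bits on the key must all be clear.
    perms=$(ls -l "$dir/server.key" | cut -c5-10)
    [ "$perms" = "------" ] || return 1
    return 0
}
```

Run `make_pg_certs ./pg_ssl <server host name>` and then `check_pg_certs ./pg_ssl` before copying the files into the data folder; a non-zero return means the key, certificate and root no longer belong together or the key permissions are too open.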

Step 2: Configure PostgreSQL server for SSL authentication connection

1) Create a custom config file (e.g. ssl.conf) for PostgreSQL.

For bundled local MetaDefender Core's PostgreSQL:

  • Windows: <Installation folder>\postgres\ssl.conf
  • Linux: /var/lib/ometascan/postgres/ssl.conf

2) Content of ssl.conf:

3) Modify pg_hba.conf

For bundled local MetaDefender Core's PostgreSQL:

  • Windows: <Installation folder>\data\pg_data\pg_hba.conf
  • Linux: /var/lib/ometascan/pg_data/pg_hba.conf

Add the following (modify ::1/128 if needed to match your environment requirements)

After the modification, the content of pg_hba.conf should look like this (example):

4) Reload the services

  • Standalone DB mode: Restart ometascan service (MetaDefender Core service)
  • Shared DB mode: Restart ometascan-pg/ometascan-postgresql service (MetaDefender Core PostgreSQL service) and then ometascan service (MetaDefender Core service)

Test your SSL database connection:

Bash

This message indicates that you are now using an SSL connection:

Bash