Use > Database > Deploying the PostgreSQL Server Database > PostgreSQL Server Configuration > How to Connect UCMDB Server Container to PostgreSQL Database with TLS Enabled

How to Connect UCMDB Server Container to PostgreSQL Database with TLS Enabled

To do so, do the following:

  1. Prerequisites

    The PostgreSQL Server to which UCMDB will connect needs to accept encrypted connections (TLS). For instructions about how to enable this, contact your DBA.

  2. On the master node (NFS server), create the jdbc.properties file and add the following settings:

    Postgresql = ddpostgresql ddpostgresql.ssl=true
    ddpostgresql.sslcert=<path_in_container>/client.crt ddpostgresql.sslkey=<path_in_container>/client.pkcs8
    ddpostgresql.sslmode=require
    
  3. In the UCMDB yaml file, mount the certificate, the key, and the jdbc.properties file.

    volumes:
    "<path_on_the_host>/client.crt: <path_in_container>/client.crt"
    "<path_on_the_host>/client.pkcs8: <path_in_container>/client.pkcs8"
    "<path_on_the_host>/jdbc.properties:/ucmdb/conf/jdbc.properties"

    where <path_on_the_host> refers to the path of the UCMDB yaml file on the master node (NFS server).

    Note The client.crt is the certificate that identifies and authenticates the user when it tries to connect to an encrypted PostgreSQL Server.

    The client.pkcs8 is the private key that decrypts the certificate.

    The key must be in .pkcs8 format, without encryption and without PEM encoding.