Encrypting traffic with the built-in PostgreSQL Database

Enabling SSL (Step 3 of 5)

Now that the certificate and key files created, we need to tell PostgreSQL to use them.

The first file we need to edit is postgresql.conf. Open the file in a text editor and look for the line:

#ssl = off # (change requires restart)

and change it to

ssl = on # (change requires restart)

Also, uncomment the next line so it reads:

ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers

Save the changes.

The next file we need to edit is pg_hba.conf. Near the bottom, you should see this line:

host all all md5

Note: You may see "password" instead of "md5". If so, we recommend you change it to "md5" for all entries since it is a little more secure.

Immediately above that line, enter a new line that looks like this:

hostssl all all md5

Save the changes, then restart the PostgreSQL service. In EventSentry, the service name for the built-in database is called "EventSentry Database".

  • Updated on: 2014-07-13
  • Skill Level: Intermediate
  • LEFT/RIGHT arrow keys for navigation