Registering Servers - PostgreSQL SSL
To enable SSL for PostgreSQL the user must import an SSL certificate into
the keystore of the Java Virtual Machine that is being used to run Aqua
Data Studio.
Create a quick self-signed certificate using the following OpenSSL command:
openssl req -new -text -out server.req
Fill out the information that openssl asks for. The challenge password
can be left blank. The program will generate a key that is passphrase
protected; it will not accept a passphrase that is less than four
characters long. To remove the passphrase (as you must if you want
automatic start-up of the server), run the commands
openssl rsa -in privkey.pem -out server.key
rm privkey.pem
Enter the old passphrase to unlock the existing key. Now do
openssl req -x509 -in server.req -text -key server.key -out server.crt
chmod og-rwx server.key
to turn the certificate into a self-signed certificate and copy the key
and certificate to the data directory of the server.
Now convert server.crt to a format Java can import on the client:
openssl x509 -in server.crt -out server.crt.der -outform der
Now import the certificate into the Java keystore (enter the command on one line):
keytool -keystore [your java home here]/lib/security/cacerts -alias [any name for the cert you like] -import -file server.crt.der
Enter the password for the cacerts keystore (default is 'changeit').
Say yes to trust this cert.
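The script below is an added example, not part of the original Aqua Data Studio documentation. It checks the files produced by the steps above: that server.key is closed to group and other, that it loads without a passphrase and belongs to server.crt, and that server.crt.der is the same certificate as server.crt. The script name check_pg_ssl.sh and the function names are assumptions.

```shell
#!/bin/sh
# Added example: consistency checks for server.key, server.crt and
# server.crt.der as produced by the steps above.
# Usage: sh check_pg_ssl.sh server.key server.crt server.crt.der

# SHA-256 fingerprint of a certificate; $2 is its encoding (PEM or DER).
cert_fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 \
        2>/dev/null | cut -d= -f2
}

# True only if group and other have no permission bits on the key file,
# which is the state "chmod og-rwx server.key" leaves it in.
key_perms_ok() {
    [ "$(ls -ldL "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# True only if the key loads with no passphrase and its public half is the
# public key embedded in the certificate.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# Run all checks, print one line per failure, return non-zero if any failed.
check_ssl_files() {
    key=$1; crt=$2; der=$3; rc=0
    key_perms_ok "$key" ||
        { echo "FAIL: $key is accessible to group or other"; rc=1; }
    key_matches_cert "$key" "$crt" ||
        { echo "FAIL: $key is still encrypted or does not match $crt"; rc=1; }
    pem_fp=$(cert_fingerprint "$crt" PEM)
    der_fp=$(cert_fingerprint "$der" DER)
    if [ -z "$pem_fp" ] || [ "$pem_fp" != "$der_fp" ]; then
        echo "FAIL: $der is not the DER form of $crt"; rc=1
    else
        echo "OK: certificate SHA-256 fingerprint $pem_fp"
    fi
    return $rc
}

# Run the checks only when the three file names are given.
if [ "$#" -eq 3 ]; then
    check_ssl_files "$@"
fi
```

The fingerprint it prints can be compared with the SHA256 value that keytool -list -v -keystore [your java home here]/lib/security/cacerts -alias [the alias you chose] shows for the imported entry.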
Make sure your Aqua Data Studio instance knows which keystore to use
for the SSL connection by adding the following parameter to the startup
script. The path must point to the cacerts file the certificate was imported into:
-Djavax.net.ssl.trustStore=<JAVA_HOME>\lib\security\cacerts
Windows: (Executable) - Modify the [ADS_INSTALL]\datastudio.cfg
Add to the beginning of the 3rd line "-Djavax.net.ssl.trustStore=<JAVA_HOME>\lib\security\cacerts"
Windows: (Batch) - Modify the [ADS_INSTALL]\datastudio.bat or datastudio-bundled.bat
Last line should execute java with the parameter between "java" and "-cp" such as ...
"java -Djavax.net.ssl.trustStore=<JAVA_HOME>\lib\security\cacerts -cp"
OSX: - Modify /Aqua Data Studio/Contents/Info.plist
> ..
>
> <key>VMOptions</key>
>
> <string>-Djavax.net.ssl.trustStore=/Library/Java/Home/lib/security/cacerts
> -Xmx256m</string>
> <key>MainClass</key>
> <string>com.aquafold.datastudio.DataStudio</string>
> ...
Unix: (Script)
Last line should execute java with the parameter between "java" and "-cp" such as ...
"java -Djavax.net.ssl.trustStore=<JAVA_HOME>/lib/security/cacerts -cp"
To use SSL in Aqua Data Studio, you must add the option "?ssl=true"
to the "Driver Param:" field in the Advanced Tab of a Server Registration.