To enable Transport Layer Security (TLS) encryption for PostgreSQL, set the sslmode
property to verify-full
in the JDBC connector URL.
For example, update the $JFROG_HOME/artifactory/var/etc/system.yaml file as follows.
shared: database: ... url: jdbc:postgresql://mypostgress.mydomain.com:5432/artifactory?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify- full&sslrootcert=/tmp/server.crt ...
Note
The JFrog Artifactory product includes several microservices that require a connection to a database. Some of these microservices are based on Java, while others are based on Go. During startup, Artifactory automatically converts the JDBC URL to a Go URL. However, in some cases, this conversion may not work, and you will need to configure a dedicated URL for the Go-based microservices.
Note
If you are using old certificates or have an AWS RDS instance that was created before July 2020, you will not have Subject Alternative Name (SAN) enabled. To resolve this issue, you will need to generate a new certificate with SAN.