To enable Transport Layer Security (TLS) encryption for PostgreSQL, set the sslmode
property to verify-full
in the JDBC connector URL.
For example, in the $JFROG_HOME/artifactory/var/etc/system.yaml file:
shared: database: ... url:jdbc:postgresql://mypostgress.mydomain.com:5432/artifactory?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify- full&sslrootcert=/tmp/server.crt ...
Note
If you are using old certificates or have an AWS RDS instance that was created before July 2020, you will not have Subject Alternative Name (SAN) enabled. To resolve this issue, you will need to generate a new certificate with SAN.