Enabling SSL in MetaMiner Postgres database
Enabling SSL on the MetaMiner Postgres database lets it accept encrypted connection requests from clients for secure communication.
Enabling the SSL
- Go to "\\Program Files\Infolytik\MetaMiner\server\data\mmdb"
- Copy the key and the certificate file to this directory
- Edit file postgresql.conf like below
- Save the file
The section below uses a self-signed certificate generated with the OpenSSL library; the same workflow also applies to SSL certificates signed by a trusted CA.
More information on cert generation: Postgresql SSL
Important
For organizations, it is recommended to get these certs from your network security team by providing the required server information.
Private key format: PKCS8
Certificate format: DER
OpenSSL command for format conversion:
Key:
openssl pkcs8 -in your_key_file.key -topk8 -v1 PBE-SHA1-RC4-128 -out server.key
Certificate:
openssl x509 -outform der -in your_certificate_file.crt -out server.crt
Limitation
Postgres version 10 will not start the server automatically if the private key is encrypted with a passphrase (for better security).
Starting Postgres from a terminal is still possible; in that case you are prompted to enter the passphrase.
In MetaMiner, the server startup sequence automatically starts the Postgres database server (in the case of embedded MMDB), so a private key with a passphrase cannot be used to start it without manual intervention.
This limitation applies up to Postgres 10; from Postgres 11 onward, the server supports accepting the passphrase in the configuration file for automatic startup.
If you want to use a private key with a passphrase, we suggest installing a higher version of Postgres (preferably Postgres 12.8), either on the MetaMiner server or on a separate server, to overcome the above limitation. The MetaMiner server will then use the newly installed standalone Postgres server as its database.
If you still want to use the embedded MMDB, remove the passphrase from the existing private key using the command below and continue using the embedded MMDB.
openssl rsa -in serverkey_original.key -out serverkey_without_passphrase.key
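A pre-flight check for the limitation described above, added here as an example and not part of the MetaMiner or PostgreSQL documentation: it reports whether a private key file is passphrase-protected, using only the PEM header or DER structure, before the key is copied into the mmdb directory. The function names and sample inputs are assumptions constructed for illustration.

```python
# Added example; key_needs_passphrase is a hypothetical helper name.
import re
import sys

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def _first_inner_tag(der: bytes) -> int:
    """Tag of the first element inside the outer DER SEQUENCE."""
    if len(der) < 3 or der[0] != 0x30:
        raise ValueError("not a PEM or DER private key")
    # Short-form length is one byte; long form is 0x80|n followed by n bytes.
    offset = 2 + ((der[1] & 0x7F) if der[1] & 0x80 else 0)
    if offset >= len(der):
        raise ValueError("truncated DER data")
    return der[offset]

def key_needs_passphrase(data: bytes) -> bool:
    """True if this private key file content is passphrase-protected."""
    blocks = PEM_BLOCK.findall(data)
    for label, body in blocks:
        if label == b"ENCRYPTED PRIVATE KEY":   # PKCS#8, encrypted
            return True
        if label == b"PRIVATE KEY":             # PKCS#8, unencrypted
            return False
        if label.endswith(b" PRIVATE KEY"):     # traditional RSA/EC/DSA key
            return b"Proc-Type: 4,ENCRYPTED" in body
    if blocks:
        raise ValueError("PEM file contains no private key block")
    # DER: PrivateKeyInfo and the traditional key structures begin with an
    # INTEGER version (0x02); EncryptedPrivateKeyInfo begins with a SEQUENCE.
    tag = _first_inner_tag(data)
    if tag not in (0x02, 0x30):
        raise ValueError("unrecognised DER structure")
    return tag == 0x30

# Constructed samples: the framing is real PEM/DER, the bodies are dummy bytes.
SAMPLE_PKCS8_ENC = b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nQUJD\n-----END ENCRYPTED PRIVATE KEY-----\n"
SAMPLE_RSA_ENC = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  b"DEK-Info: AES-256-CBC,00\n\nQUJD\n-----END RSA PRIVATE KEY-----\n")
SAMPLE_RSA_PLAIN = b"-----BEGIN RSA PRIVATE KEY-----\nQUJD\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_DER_PLAIN = bytes.fromhex("3082010002010030")
SAMPLE_DER_ENC = bytes.fromhex("3082010030400609")

if __name__ == "__main__" and len(sys.argv) == 2:
    with open(sys.argv[1], "rb") as fh:
        locked = key_needs_passphrase(fh.read())
    print("passphrase-protected: embedded MMDB cannot start unattended" if locked
          else "no passphrase: usable with embedded MMDB")
    sys.exit(1 if locked else 0)
```

Run it with the key file path as the only argument; a non-zero exit status means the key would block the automatic startup of the embedded database.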
MetaMiner Administrator Configuration:
1. Go to MetaMiner Admin -> click on "Configure MMDB"
2. Click on the "Use SSL" checkbox
3. Click on the "Validate and Close" button
NOTE:
MetaMiner validates the SSL and the connection information and closes the "Configure MMDB" dialog box upon successful validation.