Skip to content

Configuring MMDB Connection over SSL

It is recommended to implement SSL encryption for communication between MMTE Server and PostgreSQL RDBMS for improved security.

SSL encryption is performed using the standard OpenSSL library.

Certificate Requirements

Now you need to issue a certificate and private key.

You can employ any valid SSL certificate.

An SSL certificate is required for establishing an encrypted connection. PostgreSQL establishes the following technical requirements:


For enterprise users, it is recommended to get these certs from your corporate network/security team by providing the required server information.

Enabling SSL at PostgreSQL Side

If your MMTE Server is connected to multiple PostgreSQL servers, perform this operation on each of them.

To enable SSL encryption:

  1. Log in to a computer where PostgreSQL is installed. For embedded PostgreSQL, log in to the MMTE Server computer.

  2. Place certificate and private key created in the previous section to the data directory of PostgreSQL. In case of embedded PostgreSQL, place generated cert and key in <METAMINER INSTALLATION DIRECTORY>\server\data\mmdb

  3. Navigate to the directory where the main PostgreSQL config file postgresql.conf is located. For embedded PostgreSQL, it is <METAMINER INSTALLATION DIRECTORY>\server\data\mmdb

    Read here for more information about setting PostgreSQL system parameters.

  4. Edit file postgresql.conf. You may need sudo elevated privileges for doing this.

  5. Find line

    ssl = off
    and change it to
    ssl = on

  6. Add and configure encryption parameters:

    # - Security and Authentication
    authentication_timeout = 1min          # 1s-600s
    ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
    ssl_prefer_server_ciphers = on
    ssl_ecdh_curve = 'prime256v1'
    ssl_dh_params_file = ''
    ssl_cert_file = 'server.crt'
    ssl_key_file = 'server.key'
    ssl_ca_file = ''
    ssl_crl_file = ''

    Specify the filename of your certificate, choose ciphers, and configure other settings. Read here for further details.

  7. Save the config file.

Now PostgreSQL is ready to accept SSL-encrypted connections.

Enabling SSL at MMTE Side

Configure MMTE Server for establishing SSL-encrypted connections to PostgreSQL.

  1. Open MMTE Administrator.

  2. Choose Configure MMDB in the main window. The Configure MMDB dialog window opens.

  3. Click the SSL checkbox:


  4. Click the Validate and Close button.

    MMTE Administrator tries the SSL connection and closes the Configure MMDB dialog box upon successful validation.


    In case you have a certificate but it is not valid (e. g., expired), it is highly recommended to obtain and install a new one as soon as possible. Meanwhile, you can temporarily disable validation of the cert by using the Use PG Non-validating SSL Factory setting.

  5. Restart MMTE Server.

Back to top