
Connecting to Amazon RDS PostgreSQL using an SSL Certificate

By connecting to Amazon RDS PostgreSQL using an SSL certificate, you can connect to the Amazon Web Services (AWS) relational database using SSL.

About this task

The steps to connect the Database connector to the Amazon Web Services (AWS) relational database using SSL are the same for all supported databases, but they differ depending on whether you are using a runtime cloud or a basic runtime.

Procedure

  1. Connect using a runtime in a runtime cloud:

    a. Append to the connection string the parameter ssl=true.

    For example: jdbc:postgresql://<instance_endpoint>:<port_no>/<db_name>?ssl=true

  2. Connect using a local Runtime:

    a. Put the JDBC driver in the <installation_directory>/userlib/database directory. To place the driver in this directory, upload the JAR file into your Integration account library (Settings > Development Resources > Account Libraries), add that file to a Custom Library component, and deploy the component to the appropriate basic runtime, runtime cluster, runtime cloud, or environment.

    Note

    Uploaded or imported files pass through a virus scanner first. If the scan detects a virus, you receive an error message, and the scan rejects the file. If an error persists, contact Boomi Support.

    b. Download the root certificate from Amazon Relational Database Service.

    c. Convert the certificate to DER format using the command: openssl x509 -outform der -in certificate.pem -out certificate.der

    d. Import the Amazon RDS certificate into the Java keystore using the command: keytool -import -alias your-alias -keystore cacerts -file certificate.der

    e. Edit the connection URL in the database connector to read: jdbc:postgresql://<instance_end_point>:<instance_port_no>/<db_name>?ssl=true

    The connection now uses SSL for communication with the PostgreSQL database.

  3. Verify the SSL connection by setting the Java debug system property:

    a. Go to Manage > Runtime Management and click the Custom tab.

    b. In the System Properties section, click Add a Property.

    c. In the Property field, type -Djavax.net.debug=all.

    d. Click Save.

    Because changes to these properties do not take effect until the basic runtime, runtime cluster, or private runtime cloud is restarted, you are prompted to restart. You have the option to restart now or restart later.

    You can now monitor the SSL communication and the SSL handshake being performed when you run the process. If you do not have the right certificate, this error is generated:

    [com.sun.net.ssl.internal.ssl.SSLSocketImpl handleException] ASyncMPollExecutor-thread-1, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Alternatively, you can create a process where the operation gets the value of the ssl_is_used field.

If the value returned is t (true), the connection uses SSL. If you do not put SSL parameters in the connection URL, the connection may succeed but is not over SSL.
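
An added example (not part of the original page and not Boomi code): a Python check that flags connection URLs that do not request SSL, which is the case described above where the connection succeeds but is not over SSL, and that picks the certificate-trust error out of javax.net.debug output. It goes beyond the page by also recognising the PostgreSQL JDBC driver's sslmode parameter; the function names, hostnames, and sample log lines are constructed for illustration.

```python
from urllib.parse import parse_qs

ENFORCING = {"require", "verify-ca", "verify-full"}  # sslmode values that refuse plaintext
OPPORTUNISTIC = {"allow", "prefer"}                  # sslmode values that can fall back to plaintext


def audit_jdbc_url(url):
    """Classify a PostgreSQL JDBC URL: 'enforced', 'not-enforced', 'disabled' or 'invalid'."""
    if not url.startswith("jdbc:postgresql:"):
        return "invalid"
    # Everything after the first '?' is the driver's parameter list.
    query = url.partition("?")[2]
    params = {k: v[-1].strip().lower()
              for k, v in parse_qs(query, keep_blank_values=True).items()}
    mode = params.get("sslmode")
    if mode is not None:
        if mode == "disable":
            return "disabled"
        if mode in ENFORCING:
            return "enforced"
        return "not-enforced" if mode in OPPORTUNISTIC else "invalid"
    # The page's setting: ssl=true. Anything else leaves SSL unrequested.
    return "enforced" if params.get("ssl") == "true" else "not-enforced"


def trust_failures(log_lines):
    """Return javax.net.debug lines where the server certificate chain was not trusted."""
    return [line for line in log_lines
            if "SSLHandshakeException" in line and "PKIX path building failed" in line]


# Constructed sample inputs (hostnames and database names are made up).
SAMPLE_URLS = [
    "jdbc:postgresql://db.example.internal:5432/orders?ssl=true",
    "jdbc:postgresql://db.example.internal:5432/orders",
    "jdbc:postgresql://db.example.internal:5432/orders?sslmode=prefer",
    "jdbc:postgresql://db.example.internal:5432/orders?sslmode=disable",
]
SAMPLE_LOG = [
    "ASyncMPollExecutor-thread-1, WRITE: TLSv1.2 Handshake, length = 180",
    "ASyncMPollExecutor-thread-1, handling exception: javax.net.ssl.SSLHandshakeException: "
    "sun.security.validator.ValidatorException: PKIX path building failed",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{audit_jdbc_url(u):13} {u}")
    for line in trust_failures(SAMPLE_LOG):
        print("untrusted server certificate:", line)
```

Any URL reported as not-enforced or disabled should be corrected in the connector before the process handles real data.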

Next Steps

For more information about PostgreSQL on Amazon RDS, see the Amazon Web Services User Guide.
