Monitor SSL-enabled PostgreSQL Database

You can monitor the PostgreSQL database by configuring the database collector with the SSL client certificates.

Create the self-signed certificate using your domain, and then perform the following steps on Controller:

  1. Go to Databases > Add > Create New Collector.
  2. Under Advanced Options > Connection Properties, set the following JDBC connection properties:
    Note: Ensure to enable the appropriate read permissions on the certificate files.
For One-way TLS
Property NameProperty Value
ssltrue
sslmodeverify-ca
Note: When this parameter is set to verify-ca, libpq verifies that the server is trustworthy by checking the certificate chain up to a trusted certificate authority (CA).
sslfactoryorg.postgresql.ssl.jdbc4.LibPQFactory
sslrootcert~/.postgresql/rootCA.crt
For mTLS
Property NameProperty Value
ssl true
sslmode verify-full
Note: When this parameter is set to verify-full, libpq verifies that the server hostname matches its certificate. The SSL connection fails when the server certificate is not verified.
sslfactory org.postgresql.ssl.jdbc4.LibPQFactory
sslrootcert ~/.postgresql/rootCA.crt
sslcert

~/.postgresql/postgres_client.crt

sslkey ~/.postgresql/postres_client.pk8
Note: You can also convert the .key certificate to .pk8 format using the following command:
openssl pkcs8 -topk8 -inform PEM -outform DER -in postgres_client.key -out postgres_client.pk8 -nocrypt