{"id":44934,"date":"2024-06-27T14:00:50","date_gmt":"2024-06-27T14:00:50","guid":{"rendered":"https:\/\/accuweb.cloud\/resource\/?post_type=faq&#038;p=44934"},"modified":"2026-02-18T12:12:53","modified_gmt":"2026-02-18T12:12:53","slug":"postgres-ssl-addon","status":"publish","type":"faq","link":"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon","title":{"rendered":"SSL\/TLS Encryption in Transit for PostgreSQL"},"content":{"rendered":"<h2 class=\"ack-h2\">SSL\/TLS Encryption in Transit for PostgreSQL on Accuweb Cloud<\/h2>\n<p>SSL\/TLS <strong>encryption in transit<\/strong> for PostgreSQL refers to the use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols to protect data while it is being transmitted betwen a PostgreSQL server and a client. SSL and its successor TLS are cryptographic protocols designed to provide secure communication over a computer network. They use encryption to ensure that data transmitted betwen the server and client cannot be read by unauthorized parties.<\/p>\n<p><a href=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-01.jpg\"><img fetchpriority=\"high\" decoding=\"async\" class=\"ack-article-image aligncenter wp-image-44935 size-full\" title=\" SSL\/TLS Postgrel SQL\" src=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-01.jpg\" alt=\" SSL\/TLS Postgrel SQL\" width=\"823\" height=\"595\" srcset=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-01.jpg 823w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-01-300x217.jpg 300w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-01-768x555.jpg 768w\" sizes=\"(max-width: 823px) 100vw, 823px\" \/><\/a><\/p>\n<p>The Accuweb Cloud platform offers a built-in add-on that provides &#8220;encryption in transit&#8221; functionality for PostgreSQL solutions. This addon establishes SSL\/TLS encrypted connections to secure data while it is transmitted betwen client and database servers.<\/p>\n<p><strong>The protection mechanisms include:<\/strong><\/p>\n<ul class=\"ack-ul\">\n<li><strong>Data Encryption Before Transmission:<\/strong> The addon ensures that data is encrypted before it leaves the client, making it unreadable to unauthorized parties during transit.<\/li>\n<li><strong>Endpoints Authentication:<\/strong> The addon verifies the identities of both the client and the server using digital certificates. This authentication process ensures that the data is sent to and received from legitimate endpoints.<\/li>\n<li><strong>Content Decryption:<\/strong> Upon arrival at the destination, the encrypted data is decrypted to its original form, allowing the intended recipient to access and process the data.<\/li>\n<li><strong>Verification Upon Arrival:<\/strong> The addon performs integrity checks to confirm that the data has not ben altered or tampered with during transmission. This verification process ensures the integrity and reliability of the data received.<\/li>\n<\/ul>\n<p>Let\u2019s se how to implement these security measures on the Accuweb Cloud platform to enhances the security of PostgreSQL database communications and protectin&#8217; sensitive information from potential threats durin&#8217; transit.<\/p>\n<h2 class=\"ack-h2\">Add On Installation of SSL\/TLS encrypted connection<\/h2>\n<p>To enable SSL\/TLS encryption for your PostgreSQL database, start by logging into your dashboard and navigating to the appropriate <strong>PostgreSQL database layer.<\/strong> Within this layer, go to the Add-Ons section and locate the <strong>SSL\/TLS Encryption add-on.<\/strong> Click <strong>Install<\/strong> to begin the process.<\/p>\n<p><a href=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-02.jpg\"><img decoding=\"async\" class=\"ack-article-image aligncenter wp-image-44949 size-full\" title=\"SSL\/TLS Encryption add-on\" src=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-02.jpg\" alt=\"SSL\/TLS Encryption add-on\" width=\"1090\" height=\"706\" srcset=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-02.jpg 1090w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-02-300x194.jpg 300w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-02-1024x663.jpg 1024w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-02-768x497.jpg 768w\" sizes=\"(max-width: 1090px) 100vw, 1090px\" \/><\/a><\/p>\n<p>A new installation window will open. Here, select the target<strong> environment<\/strong> and the specific node group(s) where you want to install the add-on. Once you have made your selections, click Install to continue. The system will then proceed to reconfigure your database.<\/p>\n<p><a href=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-03-1.png\"><img decoding=\"async\" class=\"ack-article-image aligncenter wp-image-44947 size-full\" title=\"Rreconfigure Your Database.\" src=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-03-1.png\" alt=\"Rreconfigure Your Database.\" width=\"848\" height=\"427\" srcset=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-03-1.png 848w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-03-1-300x151.png 300w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-03-1-768x387.png 768w\" sizes=\"(max-width: 848px) 100vw, 848px\" \/><\/a><\/p>\n<p>In about a minute, the reconfiguration process will complete, and your database will be set up to work over an encrypted connection.<\/p>\n<p><a href=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-04-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-44948 ack-article-image\" src=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-04-1.png\" alt=\"\" width=\"668\" height=\"421\" srcset=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-04-1.png 668w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-04-1-300x189.png 300w\" sizes=\"(max-width: 668px) 100vw, 668px\" \/><\/a><\/p>\n<h2 class=\"ack-h2\">Certificates Generation Processes and Details<\/h2>\n<h3 class=\"ack-h3\">Generation Utility<\/h3>\n<p>Certificates are generated using the <strong>\/usr\/local\/sbin\/selfcertgen<\/strong> utility. This utility automates the process of creating the necessary certificates for SSL\/TLS encryption.<\/p>\n<h3 class=\"ack-h3\">Self Signed Certificates<\/h3>\n<p>The certificates generated are self signed and are specifically issued for the hostname of the node they are created on. This means each node has its own unique set of certificates, and clients must use the corresponding certificates for the node they are accessing.<\/p>\n<h3 class=\"ack-h3\">Storage Location<\/h3>\n<p>Certificates are stored in the \/var\/lib\/jelastic\/keys\/SSL-TLS directory. This directory is accessible via the `keys` shortcut in the <a class=\"ack-link-color\" href=\"https:\/\/accuweb.cloud\/resource\/articles\/configuration-of-file-manager\/\" target=\"_blank\" rel=\"noopener\">file manager<\/a> for easy navigation. Inside this directory and there are two subfolders:<\/p>\n<h3 class=\"ack-h3\">Server Certificates (`server` folder)<\/h3>\n<p>These certificates are used by the server to provide TLS encryption for connections to the PostgreSQL database. They ensure that the data transmitted betwen the client and the server is encrypted and secure.<\/p>\n<h3 class=\"ack-h3\">Client Certificates (`client` folder)<\/h3>\n<p>These certificates can be downloaded and used by clients to authenticate their connection to the PostgreSQL database server. This functionality provides an additional layer of security by verifying the identity of the client.<\/p>\n<p><a href=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-05-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-44950 ack-article-image\" src=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-05-1.png\" alt=\"\" width=\"1323\" height=\"895\" srcset=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-05-1.png 1323w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-05-1-300x203.png 300w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-05-1-1024x693.png 1024w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-05-1-768x520.png 768w\" sizes=\"(max-width: 1323px) 100vw, 1323px\" \/><\/a><\/p>\n<h2 class=\"ack-h2\">PostgreSQL Configurations<\/h2>\n<p>To enhance security and support SSL PostgreSQL authentication is upgraded from MD5 to SCRAM SHA 256. This method is considered best practice by PostgreSQL developers.<\/p>\n<h3 class=\"ack-h3\">Authentication Upgrade<\/h3>\n<p>The default authentication protocol is changed from MD5 to SCRAM SHA 256. This change ensures a higher level of security for user authentication.<\/p>\n<p><a href=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-06.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"ack-article-image aligncenter wp-image-44951 size-full\" title=\"PostgreSQL Configurations\" src=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-06.jpg\" alt=\"PostgreSQL Configurations\" width=\"1581\" height=\"646\" srcset=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-06.jpg 1581w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-06-300x123.jpg 300w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-06-1024x418.jpg 1024w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-06-768x314.jpg 768w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-06-1536x628.jpg 1536w\" sizes=\"(max-width: 1581px) 100vw, 1581px\" \/><\/a><\/p>\n<h3 class=\"ack-h3\">Global Setting Update<\/h3>\n<p>If MD5 was previously used as the default authentication method, the setting is updated globally for the PostgreSQL daemon upon installation of the SSL addon.<\/p>\n<h2 class=\"ack-h2\">Configuration File Modifications<\/h2>\n<p>Modifications are made to the <strong>\/var\/lib\/pgsql\/data\/postgresql.conf<\/strong> configuration file to enable SSL and specify the necessary certificate files in <strong>\/var\/lib\/pgsql\/data\/pg_ssl.conf.<\/strong><\/p>\n<p><a href=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-07.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"ack-article-image aligncenter wp-image-44952 size-full\" title=\"Configuration File Modifications\" src=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-07.jpg\" alt=\"Configuration File Modifications\" width=\"1584\" height=\"652\" srcset=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-07.jpg 1584w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-07-300x123.jpg 300w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-07-1024x421.jpg 1024w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-07-768x316.jpg 768w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-07-1536x632.jpg 1536w\" sizes=\"(max-width: 1584px) 100vw, 1584px\" \/><\/a><\/p>\n<p>The following changes are applied:<\/p>\n<p><strong>SSL Certificate File:<\/strong> Specifies the path to the server&#8217;s SSL certificate.<\/p>\n<div class=\"article-space\"><\/div>\n<pre><code class=\"language-javascript\">\r\nssl_cert_file = '\/var\/lib\/jelastic\/keys\/SSL TLS\/server\/server.crt'<\/code><\/pre>\n<div class=\"article-space\"><\/div>\n<p><strong>SSL CA Certificate File:<\/strong> Specifies the path to the root Certificate Authority (CA) certificate.<\/p>\n<div class=\"article-space\"><\/div>\n<pre><code class=\"language-javascript\">\r\nssl_ca_file = '\/var\/lib\/jelastic\/keys\/SSL TLS\/server\/root.crt'<\/code><\/pre>\n<div class=\"article-space\"><\/div>\n<p><strong>SSL Key File:<\/strong> Specifies the path to the server&#8217;s SSL private key.<\/p>\n<div class=\"article-space\"><\/div>\n<pre><code class=\"language-javascript\">\r\nssl_key_file = '\/var\/lib\/jelastic\/keys\/SSL TLS\/server\/server.key'<\/code><\/pre>\n<div class=\"article-space\"><\/div>\n<p><strong>Enable SSL:<\/strong> Enables SSL for the PostgreSQL server, ensuring that connections are encrypted.<\/p>\n<div class=\"article-space\"><\/div>\n<pre><code class=\"language-javascript\">\r\nssl = on<\/code><\/pre>\n<div class=\"article-extra-space\"><\/div>\n<p><a href=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-08-1-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-44954 size-full\" src=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-08-1-1.png\" alt=\"\" width=\"1488\" height=\"652\" srcset=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-08-1-1.png 1488w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-08-1-1-300x131.png 300w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-08-1-1-1024x449.png 1024w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-08-1-1-768x337.png 768w\" sizes=\"(max-width: 1488px) 100vw, 1488px\" \/><\/a><\/p>\n<p>By implementing these configurations, PostgreSQL is set up to use secure SCRAM SHA 256 authentication and SSL encryption, significantly improving the security of database communications and interactions within a clustered environment.<\/p>\n<div class=\"article-space\"><\/div>\n<pre><code class=\"language-javascript\">\r\npg_hba.conf Modifications:<\/code><\/pre>\n<div class=\"article-space\"><\/div>\n<p>To enforce SSL authentication for users, the hostssl rule is used instead of the host rule in the<strong> \/var\/lib\/pgsql\/data\/pg_hba.conf file.<\/strong> This ensures that all connections specified by the rule require SSL.<\/p>\n<div class=\"article-space\"><\/div>\n<pre><code class=\"language-javascript\">\r\nhostssl all all 0.0.0.0\/0 scram sha 256<\/code><\/pre>\n<div class=\"article-extra-space\"><\/div>\n<p><a href=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-13-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"ack-article-image aligncenter wp-image-44956 size-full\" title=\"pg_hba.conf Modifications:\" src=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-13-1.png\" alt=\"pg_hba.conf Modifications\" width=\"1549\" height=\"654\" srcset=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-13-1.png 1549w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-13-1-300x127.png 300w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-13-1-1024x432.png 1024w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-13-1-768x324.png 768w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-13-1-1536x649.png 1536w\" sizes=\"(max-width: 1549px) 100vw, 1549px\" \/><\/a><\/p>\n<p>This line specifies that all connections to all databases and all users from any IP address must use SSL and SCRAM SHA 256 for authentication.<\/p>\n<h2 class=\"ack-h2\">PostgreSQL SSL Add-On Configuration<\/h2>\n<p>After installation, find the PostgreSQL SSL addon under the Add Ons tab in the appropriate layer(s). Here are the key configuration options:<\/p>\n<ul class=\"ack-ul\">\n<li><strong>Re issue Certificates:<\/strong> Regenerates SSL certificates for secure connections if compromised or accidentally deleted.<\/li>\n<li><strong>Configuration Tutorial:<\/strong> Opens a manual guide on how to establish an <a class=\"ack-link-color\" href=\"https:\/\/accuweb.cloud\/resource\/articles\/ssl-connection-to-postgresql\" target=\"_blank\" rel=\"noopener\">SSL connection to PostgreSQL<\/a>.<\/li>\n<li><strong>Uninstall:<\/strong> Removes the addon, along with custom configurations, generated SSL certificates from the layer.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-09.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"ack-article-image aligncenter wp-image-44955 size-full\" title=\"Configurations Tutorial SSL Uninstall\" src=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-09.jpg\" alt=\"Configurations Tutorial SSL Uninstall\" width=\"1374\" height=\"653\" srcset=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-09.jpg 1374w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-09-300x143.jpg 300w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-09-1024x487.jpg 1024w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-09-768x365.jpg 768w\" sizes=\"(max-width: 1374px) 100vw, 1374px\" \/><\/a><\/p>\n<h3 class=\"ack-h3\">Secure Connection to PostgreSQL<\/h3>\n<p>To ensure a secure connection to PostgreSQL, follow these steps immediately after installing the &#8220;encryption in transit&#8221; (server side encryption) functionality:<\/p>\n<h3 class=\"ack-h3\">Using psql Utility for Basic Connection<\/h3>\n<p>After installation, verify encryption in transit by connecting with the psql utility using the following command:<\/p>\n<div class=\"article-space\"><\/div>\n<pre><code class=\"language-javascript\"><a class=\"ack-link-color\" href=\"https:\/\/www.postgresql.org\/docs\/current\/app-psql.html\" target=\"_blank\" rel=\"noopener\">psql<\/a> U {userName} {dbName} h {host} p {port} W<\/code><\/pre>\n<div class=\"article-space\"><\/div>\n<ul class=\"ack-ul\">\n<li><strong>{userName}:<\/strong> Database username for the connection.<\/li>\n<li><strong>{dbName}:<\/strong> Name of the database to connect to.<\/li>\n<li><strong>{host}:<\/strong> Database entry point (<a class=\"ack-link-color\" href=\"https:\/\/accuweb.cloud\/resource\/articles\/endpoints\/\" target=\"_blank\" rel=\"noopener\">endpoint<\/a> or <a class=\"ack-link-color\" href=\"https:\/\/accuweb.cloud\/resource\/articles\/attach-public-ip\/\" target=\"_blank\" rel=\"noopener\">public IP<\/a>).<\/li>\n<li><strong>{port}:<\/strong> Port for the connection (obtained from the endpoint configuration).<\/li>\n<\/ul>\n<div class=\"article-space\"><\/div>\n<pre><code class=\"language-javascript\">\r\npsql U myuser mydatabase h example.com p 5432 W<\/code><\/pre>\n<div class=\"article-space\"><\/div>\n<p>Replace myuser, mydatabase, example.com, and 5432 with your actual credentials and <a class=\"ack-link-color\" href=\"https:\/\/accuweb.cloud\/resource\/articles\/endpoints\" target=\"_blank\" rel=\"noopener\">endpoint<\/a> details.<\/p>\n<p><a href=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-10.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"ack-article-image aligncenter wp-image-44957 size-full\" title=\"Credentials and endpoint details.\" src=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-10.jpg\" alt=\"Credentials and endpoint details.\" width=\"1605\" height=\"649\" srcset=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-10.jpg 1605w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-10-300x121.jpg 300w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-10-1024x414.jpg 1024w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-10-768x311.jpg 768w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-10-1536x621.jpg 1536w\" sizes=\"(max-width: 1605px) 100vw, 1605px\" \/><\/a><\/p>\n<h3 class=\"ack-h3\">Using Client Certificates for Enhanced Security<\/h3>\n<p>For additional security with server and client side encryption, use client certificates. These certificates can be downloaded from the <strong>\/var\/lib\/jelastic\/keys\/SSL-TLS\/client<\/strong> directory on the PostgreSQL node.<\/p>\n<div class=\"article-space\"><\/div>\n<pre><code class=\"language-javascript\">\r\npsql \"sslmode=verify-ca sslrootcert={path\/to\/root.crt} sslcert={path\/to\/client.crt} sslkey={path\/to\/client.key} host={host} port={port} user={userName} dbname={dbName}\"<\/code><\/pre>\n<div class=\"article-extra-space\"><\/div>\n<pre><code class=\"language-javascript\">\r\nExample: psql \"sslmode=verify-ca sslrootcert=\/var\/lib\/jelastic\/keys\/SSL-TLS\/server\/root.crt sslcert=\/path\/to\/client.crt sslkey=\/path\/to\/client.key host=node6094-postgresql.us-accuweb.cloud port=5432 user=webadmin dbname=postgres\"<\/code><\/pre>\n<div class=\"article-space\"><\/div>\n<p>Adjust the paths and credentials based on your specific setup.<\/p>\n<p><a href=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-11.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-44958 ack-article-image\" src=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-11.jpg\" alt=\"\" width=\"1605\" height=\"649\" srcset=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-11.jpg 1605w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-11-300x121.jpg 300w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-11-1024x414.jpg 1024w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-11-768x311.jpg 768w, https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/06\/SSL-TLS-11-1536x621.jpg 1536w\" sizes=\"(max-width: 1605px) 100vw, 1605px\" \/><\/a><\/p>\n<h2 class=\"ack-h2\">Conclusion<\/h2>\n<p>By following these steps, you can establish a secure connection to PostgreSQL, either using basic credentials or enhancing security with client certificates for encrypted communications. This setup ensures data integrity and confidentiality during transmission betwen clients and the PostgreSQL server.<\/p>\n<div class=\"cta-btn-top-space ack-extra-image-space\">\t\t<div data-elementor-type=\"section\" data-elementor-id=\"38668\" class=\"elementor elementor-38668\" data-elementor-settings=\"{&quot;ha_cmc_init_switcher&quot;:&quot;no&quot;}\" data-elementor-post-type=\"elementor_library\">\n\t\t\t        <section class=\"elementor-section elementor-top-section elementor-element elementor-element-882321f elementor-section-boxed elementor-section-height-default elementor-section-height-default ct-header-fixed-none ct-row-max-none\" data-id=\"882321f\" data-element_type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n            \n                        <div class=\"elementor-container elementor-column-gap-default \">\n                    <div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7cc79cc\" data-id=\"7cc79cc\" data-element_type=\"column\">\n        <div class=\"elementor-widget-wrap elementor-element-populated\">\n                    \n        \t\t<div class=\"elementor-element elementor-element-e31b40f elementor-widget elementor-widget-shortcode\" data-id=\"e31b40f\" data-element_type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\"><\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t            <\/div>\n        <\/div>\n                    <\/div>\n        <\/section>\n        \t\t<\/div>\n\t\t<\/div>\n<div class=\"cta-btn-bottom-space\"><\/div>\n","protected":false},"author":1,"featured_media":52879,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","class_list":["post-44934","faq","type-faq","status-publish","has-post-thumbnail","hentry","faq_topics-databases","faq_topics-encryption-in-transit-add-on","faq_topics-kb","faq_topics-postgre-sql","faq_topics-product-documentation"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v20.10 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SSL\/TLS Encryption in Transit for PostgreSQL on AccuWeb.Cloud<\/title>\n<meta name=\"description\" content=\"Encrypt your PostgreSQL database communication using SSL\/TLS encryption on AccuWeb.Cloud to protect sensitive data from potential threats.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SSL\/TLS Encryption in Transit for PostgreSQL\" \/>\n<meta property=\"og:description\" content=\"Encrypt your PostgreSQL database communication using SSL\/TLS encryption on AccuWeb.Cloud to protect sensitive data from potential threats.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon\" \/>\n<meta property=\"og:site_name\" content=\"AccuWeb Cloud\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-18T12:12:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/07\/NEW-OG-IMAGE-URL.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon#article\",\"isPartOf\":{\"@id\":\"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon\"},\"author\":{\"name\":\"Jilesh Patadiya\",\"@id\":\"https:\/\/accuweb.cloud\/resource\/#\/schema\/person\/a7a4cbe8405202b537509c757b588c58\"},\"headline\":\"SSL\/TLS Encryption in Transit for PostgreSQL\",\"datePublished\":\"2024-06-27T14:00:50+00:00\",\"dateModified\":\"2026-02-18T12:12:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon\"},\"wordCount\":1092,\"publisher\":{\"@id\":\"https:\/\/accuweb.cloud\/resource\/#organization\"},\"image\":{\"@id\":\"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon#primaryimage\"},\"thumbnailUrl\":\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/07\/NEW-OG-IMAGE-URL.jpg\",\"inLanguage\":\"en-US\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon\",\"url\":\"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon\",\"name\":\"SSL\/TLS Encryption in Transit for PostgreSQL on AccuWeb.Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/accuweb.cloud\/resource\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon#primaryimage\"},\"image\":{\"@id\":\"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon#primaryimage\"},\"thumbnailUrl\":\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/07\/NEW-OG-IMAGE-URL.jpg\",\"datePublished\":\"2024-06-27T14:00:50+00:00\",\"dateModified\":\"2026-02-18T12:12:53+00:00\",\"description\":\"Encrypt your PostgreSQL database communication using SSL\/TLS encryption on AccuWeb.Cloud to protect sensitive data from potential threats.\",\"breadcrumb\":{\"@id\":\"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon#primaryimage\",\"url\":\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/07\/NEW-OG-IMAGE-URL.jpg\",\"contentUrl\":\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/07\/NEW-OG-IMAGE-URL.jpg\",\"width\":1280,\"height\":720},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/accuweb.cloud\/resource\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SSL\/TLS Encryption in Transit for PostgreSQL\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/accuweb.cloud\/resource\/#website\",\"url\":\"https:\/\/accuweb.cloud\/resource\/\",\"name\":\"AccuWeb Cloud\",\"description\":\"Cutting Edge Cloud Computing\",\"publisher\":{\"@id\":\"https:\/\/accuweb.cloud\/resource\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/accuweb.cloud\/resource\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/accuweb.cloud\/resource\/#organization\",\"name\":\"AccuWeb.Cloud\",\"url\":\"https:\/\/accuweb.cloud\/resource\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/accuweb.cloud\/resource\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/04\/accuwebcloud_logo_black_tagline.jpg\",\"contentUrl\":\"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/04\/accuwebcloud_logo_black_tagline.jpg\",\"width\":156,\"height\":87,\"caption\":\"AccuWeb.Cloud\"},\"image\":{\"@id\":\"https:\/\/accuweb.cloud\/resource\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/accuweb.cloud\/resource\/#\/schema\/person\/a7a4cbe8405202b537509c757b588c58\",\"name\":\"Jilesh Patadiya\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/accuweb.cloud\/resource\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2cea2bdb5bbabb771ee67e96acad7396f25cb1a0c360b9bc4a9ac40cea9cd8b2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2cea2bdb5bbabb771ee67e96acad7396f25cb1a0c360b9bc4a9ac40cea9cd8b2?s=96&d=mm&r=g\",\"caption\":\"Jilesh Patadiya\"},\"description\":\"Jilesh Patadiya, the visionary Co-Founder and Chief Technology Officer (CTO) behind AccuWeb.Cloud. Founder &amp; CTO at AccuWebHosting.com. He shares his web hosting insights on the AccuWeb.Cloud blog. He mostly writes on the latest web hosting trends, WordPress, storage technologies, and Windows and Linux hosting platforms.\",\"sameAs\":[\"https:\/\/accuweb.cloud\/resource\",\"https:\/\/www.facebook.com\/accuwebhosting\",\"https:\/\/www.instagram.com\/accuwebhosting\/\",\"https:\/\/www.linkedin.com\/company\/accuwebhosting\/\",\"https:\/\/x.com\/accuwebhosting\",\"https:\/\/www.youtube.com\/c\/Accuwebhosting\"],\"url\":\"https:\/\/accuweb.cloud\/resource\/author\/accuwebadmin\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SSL\/TLS Encryption in Transit for PostgreSQL on AccuWeb.Cloud","description":"Encrypt your PostgreSQL database communication using SSL\/TLS encryption on AccuWeb.Cloud to protect sensitive data from potential threats.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon","og_locale":"en_US","og_type":"article","og_title":"SSL\/TLS Encryption in Transit for PostgreSQL","og_description":"Encrypt your PostgreSQL database communication using SSL\/TLS encryption on AccuWeb.Cloud to protect sensitive data from potential threats.","og_url":"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon","og_site_name":"AccuWeb Cloud","article_modified_time":"2026-02-18T12:12:53+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/07\/NEW-OG-IMAGE-URL.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon#article","isPartOf":{"@id":"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon"},"author":{"name":"Jilesh Patadiya","@id":"https:\/\/accuweb.cloud\/resource\/#\/schema\/person\/a7a4cbe8405202b537509c757b588c58"},"headline":"SSL\/TLS Encryption in Transit for PostgreSQL","datePublished":"2024-06-27T14:00:50+00:00","dateModified":"2026-02-18T12:12:53+00:00","mainEntityOfPage":{"@id":"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon"},"wordCount":1092,"publisher":{"@id":"https:\/\/accuweb.cloud\/resource\/#organization"},"image":{"@id":"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon#primaryimage"},"thumbnailUrl":"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/07\/NEW-OG-IMAGE-URL.jpg","inLanguage":"en-US"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon","url":"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon","name":"SSL\/TLS Encryption in Transit for PostgreSQL on AccuWeb.Cloud","isPartOf":{"@id":"https:\/\/accuweb.cloud\/resource\/#website"},"primaryImageOfPage":{"@id":"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon#primaryimage"},"image":{"@id":"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon#primaryimage"},"thumbnailUrl":"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/07\/NEW-OG-IMAGE-URL.jpg","datePublished":"2024-06-27T14:00:50+00:00","dateModified":"2026-02-18T12:12:53+00:00","description":"Encrypt your PostgreSQL database communication using SSL\/TLS encryption on AccuWeb.Cloud to protect sensitive data from potential threats.","breadcrumb":{"@id":"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon#primaryimage","url":"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/07\/NEW-OG-IMAGE-URL.jpg","contentUrl":"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/07\/NEW-OG-IMAGE-URL.jpg","width":1280,"height":720},{"@type":"BreadcrumbList","@id":"https:\/\/accuweb.cloud\/resource\/articles\/postgres-ssl-addon#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/accuweb.cloud\/resource\/"},{"@type":"ListItem","position":2,"name":"SSL\/TLS Encryption in Transit for PostgreSQL"}]},{"@type":"WebSite","@id":"https:\/\/accuweb.cloud\/resource\/#website","url":"https:\/\/accuweb.cloud\/resource\/","name":"AccuWeb Cloud","description":"Cutting Edge Cloud Computing","publisher":{"@id":"https:\/\/accuweb.cloud\/resource\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/accuweb.cloud\/resource\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/accuweb.cloud\/resource\/#organization","name":"AccuWeb.Cloud","url":"https:\/\/accuweb.cloud\/resource\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/accuweb.cloud\/resource\/#\/schema\/logo\/image\/","url":"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/04\/accuwebcloud_logo_black_tagline.jpg","contentUrl":"https:\/\/accuweb.cloud\/resource\/wp-content\/uploads\/2024\/04\/accuwebcloud_logo_black_tagline.jpg","width":156,"height":87,"caption":"AccuWeb.Cloud"},"image":{"@id":"https:\/\/accuweb.cloud\/resource\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/accuweb.cloud\/resource\/#\/schema\/person\/a7a4cbe8405202b537509c757b588c58","name":"Jilesh Patadiya","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/accuweb.cloud\/resource\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/2cea2bdb5bbabb771ee67e96acad7396f25cb1a0c360b9bc4a9ac40cea9cd8b2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2cea2bdb5bbabb771ee67e96acad7396f25cb1a0c360b9bc4a9ac40cea9cd8b2?s=96&d=mm&r=g","caption":"Jilesh Patadiya"},"description":"Jilesh Patadiya, the visionary Co-Founder and Chief Technology Officer (CTO) behind AccuWeb.Cloud. Founder &amp; CTO at AccuWebHosting.com. He shares his web hosting insights on the AccuWeb.Cloud blog. He mostly writes on the latest web hosting trends, WordPress, storage technologies, and Windows and Linux hosting platforms.","sameAs":["https:\/\/accuweb.cloud\/resource","https:\/\/www.facebook.com\/accuwebhosting","https:\/\/www.instagram.com\/accuwebhosting\/","https:\/\/www.linkedin.com\/company\/accuwebhosting\/","https:\/\/x.com\/accuwebhosting","https:\/\/www.youtube.com\/c\/Accuwebhosting"],"url":"https:\/\/accuweb.cloud\/resource\/author\/accuwebadmin"}]}},"_links":{"self":[{"href":"https:\/\/accuweb.cloud\/resource\/wp-json\/wp\/v2\/faq\/44934","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/accuweb.cloud\/resource\/wp-json\/wp\/v2\/faq"}],"about":[{"href":"https:\/\/accuweb.cloud\/resource\/wp-json\/wp\/v2\/types\/faq"}],"author":[{"embeddable":true,"href":"https:\/\/accuweb.cloud\/resource\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/accuweb.cloud\/resource\/wp-json\/wp\/v2\/comments?post=44934"}],"version-history":[{"count":12,"href":"https:\/\/accuweb.cloud\/resource\/wp-json\/wp\/v2\/faq\/44934\/revisions"}],"predecessor-version":[{"id":53092,"href":"https:\/\/accuweb.cloud\/resource\/wp-json\/wp\/v2\/faq\/44934\/revisions\/53092"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/accuweb.cloud\/resource\/wp-json\/wp\/v2\/media\/52879"}],"wp:attachment":[{"href":"https:\/\/accuweb.cloud\/resource\/wp-json\/wp\/v2\/media?parent=44934"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}