Skip to content

Security Settings

This section describes the security-related options for the PostgreSQL® ESF Client.

SslManagerService Target Filter

Allows to specify, using an OSGi target filter, the kura.service.pid of a SslManagerService instance running on the framework.

Any change in the configuration of the selected SslManagerService will trigger an update of the Postgres client, causing a reconnection with the updated SslManagerService.

SSL Mode

Sets the SSL encryption and verification modality to use when connecting to a server. The server must have been compiled with SSL support for the modalities that enable SSL encryption. Please refer to the PostgreSQL® Native Server SSL setup tutorial on how to set up a native Postgres server with SSL.

The different options are explained in the components metatype. Please refer to the Postgres JDBC SSL documentation for more details.

Warning

The hostname verification will be overridden by what is specified on the selected SslManagerService. For instance, if SSL Mode = verify-ca but in the selected SslManagerService instance in SslManagerService Target Filter the hostname verification is enabled (see picture below), then the connection will fail when hostname verification fails.

The PostgreSQL® ESF Client implements Kura's SslServiceListener API. When the client is configured to use an SSL Mode that is not disable, then a configuration change on the SslManagerService from the "Security" section of the ESF UI will trigger a reconnection to the database.