Registering Servers - PostgreSQL SSL
To enable SSL for PostgreSQL the user must import an SSL certificate into the keystore of the Java Virtual Machine that is being used to run Aqua Data Studio.
Create a quick self-signed certificate using the following OpenSSL command:
openssl req -new -text -out server.req
Fill out the information that openssl asks for. The challenge password can be left blank. The program will generate a key that is passphrase protected; it will not accept a passphrase that is less than four characters long. To remove the passphrase (as you must if you want automatic start-up of the server), run the commands
openssl rsa -in privkey.pem -out server.key
rm privkey.pem
Enter the old passphrase to unlock the existing key. Now do
openssl req -x509 -in server.req -text -key server.key -out server.crt
chmod og-rwx server.key
to turn the certificate into a self-signed certificate, then copy the key and certificate to the data directory of the server. Now convert server.crt to a format Java can import on the client:
openssl x509 -in server.crt -out server.crt.der -outform der
Now import the cert into the Java keystore:
keytool -keystore [your java home here]/lib/security/cacerts -alias [any name for cert desired] -import -file server.crt.der
Enter the password for the cacerts keystore (the default is 'changeit'). Say yes to trust this cert.
Make sure your Aqua Data Studio instance knows which keystore to use for the SSL connection by adding the following parameter to the startup script: -Djavax.net.ssl.trustStore=<JAVA_HOME>\lib\security\cacerts
Windows: (Executable) - Modify the [ADS_INSTALL]\datastudio.ini
- Add to the file "vmarg.2=-Djavax.net.ssl.trustStore=<JAVA_HOME>\lib\security\cacerts"
Windows: (Batch) - Modify the [ADS_INSTALL]\datastudio.bat or datastudio-bundled.bat
- Last line should execute java with the parameter between "java" and "-cp" such as ...
"java -Djavax.net.ssl.trustStore=<JAVA_HOME>\lib\security\cacerts -cp"
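The following script is an added example, not part of the original Aqua Data Studio documentation: it checks the files produced by the steps above, confirming that server.key is private, that server.crt belongs to it, and that server.crt.der is the same certificate. The function names and the demo subject name are assumptions made for this example, and the demo generates its own throwaway files non-interactively.

```shell
#!/bin/sh
# Added example: sanity checks for the files produced by the procedure above.
# File names (server.key, server.crt, server.crt.der) are the page's own;
# function names and the CN are made up for this example.

# Constructed sample input: a throwaway key, request and self-signed cert.
# -nodes/-subj make the page's interactive "openssl req" non-interactive.
make_demo_files() {
    ( cd "$1" || exit 1
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=pg-demo.invalid" \
          -keyout server.key -out server.req 2>/dev/null &&
      openssl req -x509 -in server.req -key server.key -days 30 \
          -out server.crt 2>/dev/null &&
      chmod og-rwx server.key &&
      openssl x509 -in server.crt -out server.crt.der -outform der )
}

# Print the certificate's SHA-256 fingerprint; $2 is "pem" or "der".
cert_fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 | cut -d= -f2
}

# Return 0 only if the key is private, matches the certificate, and the DER
# file handed to keytool is the same certificate the server will present.
check_pg_ssl_files() {
    dir=$1
    for f in server.key server.crt server.crt.der; do
        [ -s "$dir/$f" ] || { echo "missing: $f" >&2; return 1; }
    done
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    [ "$(ls -l "$dir/server.key" | cut -c5-10)" = "------" ] ||
        { echo "server.key is accessible to group/other" >&2; return 1; }
    [ "$(openssl pkey -in "$dir/server.key" -pubout)" = \
      "$(openssl x509 -in "$dir/server.crt" -noout -pubkey)" ] ||
        { echo "server.crt does not belong to server.key" >&2; return 1; }
    [ "$(cert_fingerprint "$dir/server.crt" pem)" = \
      "$(cert_fingerprint "$dir/server.crt.der" der)" ] ||
        { echo "server.crt.der differs from server.crt" >&2; return 1; }
    echo "OK $(cert_fingerprint "$dir/server.crt.der" der)"
}

demo=$(mktemp -d)
make_demo_files "$demo" && check_pg_ssl_files "$demo"
rm -rf "$demo"
```

The fingerprint printed after "OK" can be compared with the SHA-256 fingerprint that keytool displays before it asks whether to trust the certificate.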
OSX: - Modify /Aqua Data Studio/Contents/Info.plist
> ...
> <key>VMOptions</key>
> <string>-Djavax.net.ssl.trustStore=/Library/Java/Home/lib/security/cacerts -Xmx256m</string>
> <key>MainClass</key>
> <string>com.aquafold.datastudio.DataStudio</string>
> ...
Unix: (Script)
- Last line should execute java with the parameter between "java" and "-cp" such as ...
"java -Djavax.net.ssl.trustStore=<JAVA_HOME>/lib/security/cacerts -cp"
To use SSL in Aqua Data Studio, you must add the option "?ssl=true" in the "Driver Param:" field on the Advanced tab of a Server Registration.