AWS PostgreSQL Database Server SSL Configuration

In Control-M/EM and Control-M/Server you can configure an SSL encryption to the following AWS PostgreSQL database servers:

  • AWS PostgreSQL Relational Database Service (RDS)

  • AWS PostgreSQL Aurora

You can configure the SSL connection to an AWS PostgreSQL database server, as follows:

  • New Installation: Install Control-M/EM or Control-M/Server with your certificate using the custom installation option.

  • Existing Installation: You can configure the connection to an existing Control-M/EM or Control-M/Server by performing the following procedures.

Configuring Control-M/EM and AWS PostgreSQL Database Server SSL Encryption Link copied to clipboard

This procedure describes how to configure SSL encryption between Control-M/EM and an AWS PostgreSQL Database Server.

  • If SSL was already configured after you installed Control-M/EM 9.0.20.205 or 9.0.20.211, you do not need to do this procedure.

  • If Control-M/EM is installed in a High Availability environment or Control-M/EM Distributed, enable SSL on both the primary and secondary and Control-M/EM Distributed host.

  • To ensure that Control-M Usage Reporting Tool continues to function when Control-M/EM is configured with SSL encryption on an AWS database server, contact your DBA, and verify that you can connect to the database without a certificate, in a non-secure mode.

Before You Begin

  • Verify that Control-M/EM 9.0.21.100 or higher is installed.

  • Download a valid AWS certificate from the AWS website and save it to a location that is accessible to the Linux machine where your Control-M/EM account is installed.

Begin

  1. Stop all Control-M components including Control-M Web.

  2. Run the following command:

    ~/ctm_em/bin/DBUData/scripts/ssl_api.sh --ENABLE_SSL --DB_USER_PASSWD <password> --CERTIFICATE_FILE <certificate location>

  3. Test the connection with the following command:

    ~/ctm_em/bin/DBUData/scripts/ssl_api.sh --TEST_CONNECTION --DB_USER_PASSWD <password>

    If the test completed successfully, the following message appears:

    SSL is enabled

    SSL version: TLSv1.2

    Cipher: ECDHE-RSA-AES256-GCM-SHA384

    Bits: 256

  4. Start up Control-M/EM components.

  5. Log out and log in to the Control-M/EM host.

Disabling Control-M/EM and AWS PostgreSQL Database Server SSL EncryptionLink copied to clipboard

This procedure describes how to disable SSL encryption between Control-M/EM and an AWS PostgreSQL Database Server.

If Control-M/EM is installed on more than one host, disable SSL on each host.

Begin

  1. Stop all Control-M/EM components including Control-M Web.

  2. Run the following command:

    ~/ctm_em/bin/DBUData/scripts/ssl_api.sh --DISABLE_SSL

  3. Start up Control-M/EM components.

  4. Log out and log in to the Control-M/EM host.

Configuring Control-M/Server and AWS PostgreSQL Database Server SSL Encryption Link copied to clipboard

This procedure describes how to configure SSL encryption between Control-M/Server and an AWS PostgreSQL Database Server.

  • If SSL was already configured after you installed Control-M/Server 9.0.20.205 or 9.0.20.204, you do not need to do this procedure.

  • If Control-M/Server is installed in a High Availability environment, enable SSL on both the primary and secondary host.

Before You Begin

  • Verify that Control-M/Server 9.0.21.100 or higher is installed.

  • Download a valid AWS certificate from the AWS website and save it to a location that is accessible to the Linux machine where your Control-M/Server account is installed.

Begin

  1. From the home directory, shut down both the Control-M/Server and the Control-M/Server Configuration Agent with the following commands:

    • shut_ctm

    • shut_ca

  2. Run the following command:

    ~/ctm_server/exe_Linux-x86_64/DBUData/scripts/ssl_api.sh --ENABLE_SSL --DB_USER_PASSWD <password> --CERTIFICATE_FILE <certificate location>

  3. Log out and log in to the Control-M/Server host.

  4. Test the connection with the following command:

    ~/ctm_server/exe_Linux-x86_64/DBUData/scripts/ssl_api.sh --TEST_CONNECTION --DB_USER_PASSWD <password>

    If the test completed successfully, the following message appears:

    SSL is enabled

    SSL version: TLSv1.2

    Cipher: ECDHE-RSA-AES256-GCM-SHA384

    Bits: 256

  5. Restart both the Control-M/Server and the Control-M/Server Configuration Agent with the following commands:

    • start_ca

    • start_ctm

Disabling Control-M/Server and AWS PostgreSQL Database Server SSL EncryptionLink copied to clipboard

This procedure describes how to disable SSL encryption between Control-M/Server and an AWS PostgreSQL Database Server.

If Control-M/Server is installed on both the primary and secondary in a High Availability environment, disable SSL on each host.

Begin

  1. From the home directory, shut down both the Control-M/Server and the Control-M/Server Configuration Agent with the following commands:

    • shut_ctm

    • shut_ca

  2. Run the following command:

    ~/ctm_server/exe_Linux-x86_64/DBUData/scripts/ssl_api.sh --DISABLE_SSL --DB_USER_PASSWD <password>

  3. Test the connection with the following command:

    ~/ctm_server/exe_Linux-x86_64/DBUData/scripts/ssl_api.sh --TEST_CONNECTION --DB_USER_PASSWD <password>

    If the test completed successfully, the following message appears:

    SSL is currently disabled.

  4. Log out and log in to the Control-M/Server host.

  5. Restart both the Control-M/Server and the Control-M/Server Configuration Agent with the following commands:

    • start_ca

    • start_ctm