When installing the CM server, include the JDBC component to create the PostgreSQL database connection parameters, which are stored in the cm.conf configuration file.
Secure the connection
Enable TLS support for the connection to the PostgreSQL database server. You can configure CM to connect to PostgreSQL using certificate authentication for both server and client certificates. A complete guide on how to enable TLS on the PostgreSQL server can be found here: https://www.postgresql.org/docs/current/static/ssl-tcp.html.
After completing the guide, add additional JDBC parameters in the cm.conf file to enable secure connection between CM and the database.
A trust store must be configured by specifying a trust store path to a PEM encoded certificate, that contains both root and intermediate certificates. To specify a trust store, add the following parameters in cm.conf:
If client authentication is enabled on the PostgreSQL server, a client key and certificate also have to be configured by specifying a DER encoded certificate and private key. Note that the private key file MUST be protected against unauthorized usage. On Linux, this can be achieved by issuing the command chmod 0600 lcmreq-tls-key.p8. To specify a client TLS certificate and key, add the following parameters in cm.conf: