Mendix configuration - PostgreSQL database SSL

4
I am deploying a Mendix 2.5 application on a second server separate from the main database server. This second server is placed in a DMZ and requires a secure SSL database connection. The OS is Debian Linux. I have the following properties in my .m2eerc configuration. This results in the server trying to connect without using SSL, which is not allowed. How do I configure the server to use SSL? DatabaseType: PostgreSQL DatabaseHost: pgserver.domain:5432 DatabaseName: mendix DatabaseUserName: mendix DatabasePassword: "MyPass" Update: I've stumbled upon a solution myself. If you append '?ssl=true' to the DatabaseName configuration property, the server uses it as a JDBC connection property, thus forcing SSL.
asked
1 answers
5

Afaik, there's no option available to force the use of ssl in database settings. But, when running application and dmbs on separate hosts in an untrusted network, you want to use ssl indeed.

As a workaround, you can easily setup stunnel on the application server to accept connections and proxy them over ssl to your database server.

Note: when using ssl with postgres, be sure to put appropriate ssl key/certificate pairs in place, preferably using a self-setup CA. The easyrsa helper-scripts provided with openvpn are a good start to setup an internal CA. Be sure to only trust a postgresql server which can present a certificate that is signed by your own CA.

Never just enable ssl and use the default generated key/certificates. Doing that won't help you from being attacked with a man in the middle attack on your network .

answered