CDC Connections with SSL

The following page describes how to connect to your source database using SSL.

To connect to a database hosted on AWS RDS using SSL, please follow these steps:

1. Download a PEM file

The first step is to download a Private Enhanced Mail (PEM) file to your workstation. If using AWS RDS certificates, the PEM file will contain the certificate bundle for the AWS Region that hosts your database, and is available from AWS here: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html

If using your own certificates, download a copy to your workstation.

2. Convert the PEM file to JKS

Next, convert your PEM file into a JKS file by following the scripted instructions referenced here: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html#UsingWithRDS.SSL-certificate-rotation-sample-script

3. Add the file to the server

The next step is to add the JKS file as a server file to be copied to the compute and API cluster containers on each launch.

To run this script you will need an API token to be generated to allow you to authenticate to your Upsolver deployment. Please read the guide on how to for generating an API token

The following script can be run locally on any workstation that has access to the file, and permissions within Upsolver to modify cluster parameters:

Compute cluster

echo {} | jq '{ clazz: "ModifyServerFile", serverFile: { name: "global_bundle.jks", "path": "/opt/global_bundle.jks", "content": $file1 }  }' --arg file1 $(cat <path to local jks file>| base64) |
http PATCH "https://api.upsolver.com/environments/<COMPUTE_CLUSTER_ID>/" "Authorization: $(cat <path to file containing API token>)" "X-Api-Impersonate-Organization: <ORG_ID>"

API cluster

echo {} | jq '{ clazz: "ModifyServerFile", serverFile: { name: "global_bundle.jks", "path": "/opt/global_bundle.jks", "content": $file1 }  }' --arg file1 $(cat <path to local jks file> | base64) |
http PATCH "https://api.upsolver.com/environments/<API_SERVER_ID>/" "Authorization: $(cat <path to file containing API token>)" "X-Api-Impersonate-Organization: <ORG_ID>"

4. Contact Upsolver support

Finally, please contact Upsolver support to have back end configurations set to force SSL connections using the global_bundle.jks file created in Step 3.

An example of the configuration parameters is shown below:

{
  "database.ssl.mode" : "required",
  "database.ssl.truststore" : "/opt/global_bundle.jks",
  "database.ssl.truststore.password": "<password>"
}

The truststore file should be the file you created in Step 3, and the password will be the password used when creating the JKS file in Step 2.

Last updated 20 days ago

echo {} | jq '{ clazz: "ModifyServerFile", serverFile: { name: "global_bundle.jks", "path": "/opt/global_bundle.jks", "content": $file1 } }' --arg file1 $(cat <path to local jks file>| base64) | http PATCH "https://api.upsolver.com/environments/<COMPUTE_CLUSTER_ID>/" "Authorization: $(cat <path to file containing API token>)" "X-Api-Impersonate-Organization: <ORG_ID>"

echo {} | jq '{ clazz: "ModifyServerFile", serverFile: { name: "global_bundle.jks", "path": "/opt/global_bundle.jks", "content": $file1 } }' --arg file1 $(cat <path to local jks file> | base64) | http PATCH "https://api.upsolver.com/environments/<API_SERVER_ID>/" "Authorization: $(cat <path to file containing API token>)" "X-Api-Impersonate-Organization: <ORG_ID>"