In the Google SQL UI panel, navigate to your PostgreSQL instance > Connections and make sure that ‘Allow only SSL connections’ is checked – this will enforce SSL connections. Then, click ‘Create Client Certificate’ which will generate the following certificates and private key:
- client-cert.cer/.der
- client-key.cer/.der
- server-ca.cer/.der
As ‘client-key.cer/.der’ is the private key being used for Metadata, we will need to create another copy of it in DER format for Artifactory:
$ openssl pkcs8 -topk8 -outform DER -in client-key.cer/.der -out postgresql.key -nocrypt

For demonstration, we will place ‘postgresql.key’ under ‘/etc/ssl/certs/’ as well.
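A pre-flight check for the converted key, added here as an example and not part of the original article: it confirms that ‘postgresql.key’ really is an unencrypted PKCS#8 key in DER encoding and that it belongs to the client certificate. `check_pg_client_key` and `make_constructed_pair` are hypothetical helper names, and the key pair generated by the second one is constructed test data, not a Cloud SQL certificate.

```shell
#!/bin/sh
# Added example. check_pg_client_key and make_constructed_pair are
# hypothetical helper names, not part of Artifactory or Cloud SQL tooling.

# check_pg_client_key KEY CERT
# Succeeds only if KEY is an unencrypted PKCS#8 key in DER encoding and its
# public half equals the public key inside the PEM certificate CERT.
check_pg_client_key() {
    key=$1
    cert=$2
    # A PEM file or a traditional (PKCS#1) DER key fails this parse.
    if ! openssl pkcs8 -inform DER -nocrypt -in "$key" >/dev/null 2>&1; then
        echo "FAIL: $key is not an unencrypted PKCS#8 DER key" >&2
        return 1
    fi
    # Derive the public key from each file and compare the PEM text.
    key_pub=$(openssl pkey -inform DER -in "$key" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: $key does not belong to $cert" >&2
        return 1
    fi
    echo "OK: $key is PKCS#8 DER and matches $cert"
}

# make_constructed_pair DIR
# Writes a throwaway self-signed pair into DIR (constructed test data) and
# converts the key with the same openssl pkcs8 command the article uses.
make_constructed_pair() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed" \
        -keyout "$dir/client-key.cer" -out "$dir/client-cert.cer" 2>/dev/null &&
    openssl pkcs8 -topk8 -outform DER -in "$dir/client-key.cer" \
        -out "$dir/postgresql.key" -nocrypt
}
```

Against the real files, the call would be `check_pg_client_key ../gcp-certs/postgresql.key ../gcp-certs/client-cert.cer`, run before the secret is created.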
For Helm users:
If Artifactory is installed via Helm, the certificate can be copied as a secret:
1. Create the secret:
$ ls ../gcp-certs
client-cert.cer client-key.cer postgresql.key server-ca.cer
$ kubectl create secret generic gcp-certs --from-file="../gcp-certs/"
secret/gcp-certs created
2. Add ‘customVolumes’ and ‘customVolumeMounts’ to the values.yaml file:
global:
  customVolumes: |
    - name: gcp-certs
      secret:
        secretName: gcp-certs
  customVolumeMounts: |
    - name: gcp-certs
      mountPath: /etc/ssl/certs/