You can monitor the PostgreSQL database by configuring the database collector with the SSL client certificates.
Create the self-signed certificate using your domain, and then perform the following steps on Controller:
Go to Databases > Add > Create New Collector.
Under Advanced Options > Connection Properties, set the following JDBC connection properties:
Ensure to enable the appropriate read permissions on the certificate files.
For One-way TLS
Property Name
Property Value
ssl
true
sslmode
verify-ca
When this parameter is set to verify-ca, libpq verifies that the server is trustworthy by checking the certificate chain up to a trusted certificate authority (CA).
sslfactory
org.postgresql.ssl.jdbc4.LibPQFactory
sslrootcert
~/.postgresql/rootCA.crt
For mTLS
Property Name
Property Value
ssl
true
sslmode
verify-full
When this parameter is set to verify-full, libpq verifies that the server hostname matches its certificate. The SSL connection fails when the server certificate is not verified.
sslfactory
org.postgresql.ssl.jdbc4.LibPQFactory
sslrootcert
~/.postgresql/rootCA.crt
sslcert
~/.postgresql/postgres_client.crt
sslkey
~/.postgresql/postres_client.pk8
You can also convert the .key certificate to .pk8 format using the following command: