You can monitor the PostgreSQL database by configuring the database collector with the SSL client certificates.

Create the self-signed certificate using your domain, and then perform the following steps on Controller:

  1. Go to Databases > Add > Create New Collector.
  2. Under Advanced Options > Connection Properties, set the following JDBC connection properties:

    Ensure to enable the appropriate read permissions on the certificate files.

For One-way TLS

Property NameProperty Value
ssltrue
sslmode

verify-ca

When this parameter is set to verify-ca, libpq verifies that the server is trustworthy by checking the certificate chain up to a trusted certificate authority (CA). 

sslfactoryorg.postgresql.ssl.jdbc4.LibPQFactory
sslrootcert~/.postgresql/rootCA.crt

For mTLS

Property NameProperty Value
ssltrue
sslmode

verify-full

When this parameter is set to verify-full, libpq verifies that the server hostname matches its certificate. The SSL connection fails when the server certificate is not verified.

sslfactoryorg.postgresql.ssl.jdbc4.LibPQFactory
sslrootcert~/.postgresql/rootCA.crt
sslcert

~/.postgresql/postgres_client.crt

sslkey~/.postgresql/postres_client.pk8

You can also convert the .key certificate to .pk8 format using the following command:

openssl pkcs8 -topk8 -inform PEM -outform DER -in postgres_client.key -out postgres_client.pk8 -nocrypt
CODE