To monitor a PostgreSQL instance that uses SSL connections, complete the following steps.

  1. Create the .postgresql directory under the system home folder, then create a file, root.crt in the directory.
    /home/<name>/.postgresql/root.crt 

  2. Download PEM file from Amazon and copy to a local directory.

  3. Convert the PEM file to a DER file using the following openssl command:

    openssl x509 -outform der -in rds-combined-ca-bundle.pem -out rds-combined-ca-bundle.der
    CODE

  4. Add the certificate to the Java keystore using the following command:

    sudo keytool -import -noprompt -trustcacerts -alias AmazonRDS -file rds-combined-ca-bundle.der -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
    CODE


    You can verify that the certificate was added by running the following command:

    keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
    CODE
  5. Re-start the dbagent process to register the certificate you added.
  6. In the Controller, create a new collector for PostgreSQL.

    1. In the Custom JDBC Connection String field, enter the following JDBC string:
      jdbc:postgresql://<RDS-Hostname>:<RDS-Port>/postgres?ssl=true 

    2. In the ADVANCED OPTIONS section, select Connection Properties and then specify these property details:

      Property NameProperty Value
      sslrootcertThe location of the downloaded PEM file
      sslmodeverify-full