PDFs

If your PostgreSQL instance uses SSL connections, you must complete the following steps to monitor it.

  1. Download PEM file from Amazon and copy to a local directory.

  2. Convert the PEM file to a DER file using the following openssl command:

    openssl x509 -outform der -in rds-combined-ca-bundle.pem -out rds-combined-ca-bundle.der
  3. Add the certificate to the Java keystore using the following command:

    sudo keytool -import -noprompt -trustcacerts -alias AmazonRDS -file rds-combined-ca-bundle.der -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit


    You can verify that the certificate was added by running the following command:

    keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
  4. Re-start the dbagent process to register the certificate you added.
  5. In the Controller, create a new collector for PostgreSQL. In the Custom JDBC Connection String field, enter the following JDBC string:

    jdbc:postgresql://<RDS-Hostname>:<RDS-Port>/postgres?ssl=true

  • No labels