Perform the following steps to set up TLS 1.2 for the PostgreSQL Replication Service using your own certificates:
- If active, stop the failover monitoring service:/opt/teradata/client/nn.nn/datamover/failover/dmcluster stopmonitor
Where nn.nn in the path refers to the version numbers of Data Mover.
- Run the following on both the primary and secondary systems:
- Edit the /var/opt/teradata/postgres/data/postgresql.conf configuration file.
- Replace the following properties with your certificate files:
- ssl_cert_file=server certificate
- ssl_key_file=server private key
- ssl_ca_file=trusted certificate authorities
For more information on these properties, refer to https://www.postgresql.org/docs/10/runtime-config-connection.html#GUC-SSL-CERT-FILE.
- Stop the Daemon service:/etc/init.d/dmdaemon stop
- Stop the DSC service:/etc/init.d/dsc stop
- Restart the Postgres service:/etc/init.d/postgresql restart
- Start the DSC service:/etc/init.d/dsc start
- Start the Daemon service:/etc/init.d/dmdaemon start
- Start the failover monitoring service if it was previously configured:/opt/teradata/client/nn.nn/datamover/failover/dmcluster startmonitor