Based on documentation on how to configure Redshift via SSL as seen below. How would I “Connect Using the Server Certificate in Java”? Since based on the current suggestion in the doc we are “Connect Without Using the Server Certificate in Java”
URL parameters to be specified to ensure SSL connectivity:
sslfactory=org.postgresql.ssl.NonValidatingFactory
ssl=true
Reference: Here is the Redshift doc
I’m trying to find out if anyone has configured this for any of our customers, but haven’t heard anything yet.
One of our customers have configured it using postgre driver. What drive are you guys using?
Can you try those settings and let us know?
That is exactly how it is configured now which is considered “Connect Without Using the Server Certificate in Java” but our security team is requesting this to be “Connect Using the Server Certificate in Java”
Please read the section “To connect using a server certificate” under Connect Using the Server Certificate in Java in this AWS doc (Configuring security options for connections - Amazon Redshift)
Does it have to have IAM role enabled or just SSL with Public key?
I believe this is what’s needed:
Download the AWS Redshift certificate (public key .pem file) from AWS - the location is in the AWS document you provided.
Use the keytool program to add the certificate to the SnapLogic Java truststore. The command would look something like this. The default password for the truststore is changeit.
keytool -importcert -alias “AWS_Redshift” -keystore “/opt/snaplogic/pkgs/jre1.8.0_45/lib/security/cacerts” -file “/root/redshift-ssl-ca-cert.pem”
Restart the SnapLogic JCC.
Add the “ssl=true” property to the JDBC connect string in the SnapLogic Redshift Account definition.
If cloudplex, then our DevOps will need to import the cert (the certificate chain or simply the intermediate cert of the Redshift instance region ) using the keytool command shown by PSAmmirata.
