SnapLogic - Integration Nation

aleung · ‎05-05-2017

Based on documentation on how to configure Redshift via SSL as seen below. How would I “Connect Using the Server Certificate in Java”? Since based on the current suggestion in the doc we are “Connect Without Using the Server Certificate in Java”

URL parameters to be specified to ensure SSL connectivity:
sslfactory=org.postgresql.ssl.NonValidatingFactory
ssl=true

Reference: Here is the Redshift doc

nganapathiraju · ‎05-19-2017

One of our customers have configured it using postgre driver. What drive are you guys using?

Can you try those settings and let us know?

aleung · ‎05-19-2017

That is exactly how it is configured now which is considered “Connect Without Using the Server Certificate in Java” but our security team is requesting this to be “Connect Using the Server Certificate in Java”

Please read the section “To connect using a server certificate” under Connect Using the Server Certificate in Java in this AWS doc (Configuring security options for connections - Amazon Redshift)

pavan · ‎05-20-2017

Does it have to have IAM role enabled or just SSL with Public key?

PSAmmirata · ‎05-20-2017

I believe this is what’s needed:

Download the AWS Redshift certificate (public key .pem file) from AWS - the location is in the AWS document you provided.
Use the keytool program to add the certificate to the SnapLogic Java truststore. The command would look something like this. The default password for the truststore is changeit.

keytool -importcert -alias “AWS_Redshift” -keystore “/opt/snaplogic/pkgs/jre1.8.0_45/lib/security/cacerts” -file “/root/redshift-ssl-ca-cert.pem”

Restart the SnapLogic JCC.
Add the “ssl=true” property to the JDBC connect string in the SnapLogic Redshift Account definition.

aleung · ‎05-20-2017

Exactly, and the catch is I only uses cloudplex. Can support help setting this up?

SnapLogic - Integration Nation

Redshift with SSL?