Localhost connections to the PostgreSQL database do not use TLS. To enable TLS, you can generate your own self-signed certificate with OpenSSL or provide your own certificate.
- To generate a self-signed certificate with OpenSSL, run the following commands:
openssl req -new -text -out cert.req openssl rsa -in privkey.pem -out cert.pem openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert
- To provide your own certificate, complete the following steps:
- Modify the ownership of the CAcerts.crt file to postgres.
- Edit the postgresql.conf file to include the directive
ssl_ca_file = 'CAcerts.crt
.If you are using a certificate with a CA chain, you must add a CAcerts.crt file containing the intermediate and root CA certificates to the same directory.