|
1 | 1 | --- |
2 | | -title: SSL - Hyperscale (Citus) - Azure Database for PostgreSQL |
3 | | -description: Instructions and information to configure Azure Database for PostgreSQL - Hyperscale (Citus) and associated applications to properly use SSL connections. |
| 2 | +title: TLS - Hyperscale (Citus) - Azure Database for PostgreSQL |
| 3 | +description: Instructions and information to configure Azure Database for PostgreSQL - Hyperscale (Citus) and associated applications to properly use TLS connections. |
4 | 4 | author: jonels-msft |
5 | 5 | ms.author: jonels |
6 | 6 | ms.service: postgresql |
7 | 7 | ms.topic: conceptual |
8 | | -ms.date: 09/17/2019 |
| 8 | +ms.date: 03/30/2020 |
9 | 9 | --- |
10 | | -# Configure SSL in Azure Database for PostgreSQL - Hyperscale (Citus) |
11 | | -Client application connections to the Hyperscale (Citus) coordinator node require Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against "man-in-the-middle" attacks by encrypting the data stream between the server and your application. |
| 10 | +# Configure TLS in Azure Database for PostgreSQL - Hyperscale (Citus) |
| 11 | +Client application connections to the Hyperscale (Citus) coordinator node require Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL). Enforcing TLS connections between your database server and your client applications helps protect against "man-in-the-middle" attacks by encrypting the data stream between the server and your application. |
12 | 12 |
|
13 | | -## Enforcing SSL connections |
14 | | -For all Azure Database for PostgreSQL servers provisioned through the Azure portal, enforcement of SSL connections is enabled by default. |
| 13 | +## Enforcing TLS connections |
| 14 | +For all Azure Database for PostgreSQL servers provisioned through the Azure portal, enforcement of TLS connections is enabled by default. |
15 | 15 |
|
16 | | -Likewise, connection strings that are pre-defined in the "Connection Strings" settings under your server in the Azure portal include the required parameters for common languages to connect to your database server using SSL. The SSL parameter varies based on the connector, for example "ssl=true" or "sslmode=require" or "sslmode=required" and other variations. |
| 16 | +Likewise, connection strings that are pre-defined in the "Connection Strings" settings under your server in the Azure portal include the required parameters for common languages to connect to your database server using TLS. The TLS parameter varies based on the connector, for example "ssl=true" or "sslmode=require" or "sslmode=required" and other variations. |
17 | 17 |
|
18 | | -## Ensure your application or framework supports SSL connections |
19 | | -Some application frameworks that use PostgreSQL for their database services do not enable SSL by default during installation. If your PostgreSQL server enforces SSL connections but the application is not configured for SSL, the application may fail to connect to your database server. Consult your application's documentation to learn how to enable SSL connections. |
| 18 | +## Ensure your application or framework supports TLS connections |
| 19 | +Some application frameworks that use PostgreSQL for their database services do not enable TLS by default during installation. If your PostgreSQL server enforces TLS connections but the application is not configured for TLS, the application may fail to connect to your database server. Consult your application's documentation to learn how to enable TLS connections. |
20 | 20 |
|
21 | | -## Applications that require certificate verification for SSL connectivity |
| 21 | +## Applications that require certificate verification for TLS connectivity |
22 | 22 | In some cases, applications require a local certificate file generated from a trusted Certificate Authority (CA) certificate file (.cer) to connect securely. The certificate to connect to an Azure Database for PostgreSQL - Hyperscale (Citus) is located at https://dl.cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem. Download the certificate file and save it to your preferred location. |
23 | 23 |
|
24 | 24 | ### Connect using psql |
25 | | -The following example shows how to connect to your Hyperscale (Citus) coordinator node using the psql command-line utility. Use the `sslmode=verify-full` connection string setting to enforce SSL certificate verification. Pass the local certificate file path to the `sslrootcert` parameter. |
| 25 | +The following example shows how to connect to your Hyperscale (Citus) coordinator node using the psql command-line utility. Use the `sslmode=verify-full` connection string setting to enforce TLS certificate verification. Pass the local certificate file path to the `sslrootcert` parameter. |
26 | 26 |
|
27 | 27 | Below is an example of the psql connection string: |
28 | 28 | ``` |
|
0 commit comments