\n
Provide a SSLSocketFactory that allows SSL connections to be made without validating the server's certificate. This is more convenient for some applications, but is less secure as it allows \"man in the middle\" attacks.<\/code><\/p>\nLooking into the jar file<\/a> under “\/org\/postgres\/ssl” you’ll also find SingleCertValidatingFactory<\/a>. Now that’s much better:
\nProvides a SSLSocketFactory that authenticates the remote server against an explicit pre-shared SSL certificate. This is more secure than using the NonValidatingFactory as it prevents \"man in the middle\" attacks. It is also more secure than relying on a central CA signing your server's certificate as it pins the server's certificate.<\/code><\/p>\nLet’s get to it…<\/p>\n
The boring part:<\/strong> load the Postgres JDBC driver
\nGo to “Tools” -> “Preferences…” -> “Third Party JDBC Drivers” and add the jar file
\n![\"\"](\"https:\/\/www.spotonoracle.com\/wp-content\/uploads\/2018\/04\/pg-aws-conn-1.png\")
<\/a><\/p>\nThe tricky part:<\/strong> getting the connect string right (it’s actually not that hard)
\nSyntax:<\/p>\n\r\n<hostname>\/<database>?ssl=true&sslfactory=org.postgresql.ssl.SingleCertValidatingFactory&sslfactoryarg=file:<path-to-cert-file>&\r\n<\/pre>\nFor example:<\/p>\n
\r\nabc.xzy.us-east-1.rds.amazonaws.com\/postgres?ssl=true&sslfactory=org.postgresql.ssl.SingleCertValidatingFactory&sslfactoryarg=file:\/home\/btr\/certs\/amazon-rds.crt&\r\n<\/pre>\n
![\"\"](\"https:\/\/www.spotonoracle.com\/wp-content\/uploads\/2018\/04\/pg-aws-conn-2.png\")
<\/a><\/p>\n