Skip to content

Configuring ACME with PostgreSQL Database

Endi S. Dewata edited this page Dec 6, 2024 · 1 revision

Overview

This document describes the process to configure ACME responder to use a PostgreSQL database.

Initializing PostgreSQL Database

First, prepare a database (e.g. acme) and a user (e.g. acme) to access the database. Verify the database connection with the following command:

$ psql -h $HOSTNAME -d acme -U acme

Next, install PostgreSQL JDBC driver in /usr/share/pki/server/common/lib, for example:

$ dnf install postgresql-jdbc
$ ln -s /usr/share/java/postgresql-jdbc/postgresql.jar /usr/share/pki/server/common/lib

Configuring ACME Database

A sample PostgreSQL database configuration is available at /usr/share/pki/acme/database/postgresql/database.conf.

To use the PostgreSQL database, copy the sample database.conf into the /var/lib/pki/pki-tomcat/conf/acme folder, or execute the following command to customize some of the parameters:

$ pki-server acme-database-mod --type postgresql \
    -Dpassword=Secret.123

The database.conf should look like the following:

class=org.dogtagpki.acme.database.PostgreSQLDatabase
url=jdbc:postgresql://<hostname>:5432/acme
user=acme
password=Secret.123

The PostgreSQL database provides a mechanism to monitor ACME configuration periodically. It can be enabled with the following parameters:

monitor.enabled=true
monitor.interval=5  # minutes

See Also

Clone this wiki locally