How to connect to a Postgres database with Rundeck, using SSL certificates

Kobi Rosenstein
1 min read · Jun 15, 2020


This is not hard to do, but the documentation is confusing and scattered, so I put together this short step reference to make the process simpler.

In this guide I assume that you already have a certificate and private key for connecting to your database, named rundeck.crt and rundeck.key.

You can use the following script as is, or edit it to suit your own environment. Double-check all file paths.

This is in reference to my setup, using the RPM install.

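# Directory that will hold the client certificate and key (-p: no error if it already exists).
sudo mkdir -p /var/lib/rundeck/.postgresql
sudo mv -t /var/lib/rundeck/.postgresql ~/rundeck.crt ~/rundeck.key
sudo mv /var/lib/rundeck/.postgresql/rundeck.key /var/lib/rundeck/.postgresql/postgresql.key
sudo mv /var/lib/rundeck/.postgresql/rundeck.crt /var/lib/rundeck/.postgresql/postgresql.crt
# Only the rundeck user may read the key material.
sudo chown -R rundeck:rundeck /var/lib/rundeck/.postgresql/
sudo chmod 0600 /var/lib/rundeck/.postgresql/*
# Point the libpq PGSSLKEY/PGSSLCERT variables at the files (current shell only).
export PGSSLKEY=/var/lib/rundeck/.postgresql/postgresql.key
export PGSSLCERT=/var/lib/rundeck/.postgresql/postgresql.crt
# Convert the key to unencrypted PKCS#8 DER and the certificate to DER.
sudo -u rundeck openssl pkcs8 -topk8 -inform PEM -outform DER -in /var/lib/rundeck/.postgresql/postgresql.key -out /var/lib/rundeck/.postgresql/postgresql.pk8 -nocrypt
sudo -u rundeck openssl x509 -in /var/lib/rundeck/.postgresql/postgresql.crt -out /var/lib/rundeck/.postgresql/postgresql.der -outform der
# The .pk8 file is an unencrypted private key created after the chmod above, so restrict it as well.
sudo chmod 0600 /var/lib/rundeck/.postgresql/postgresql.pk8
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6.x86_64/jre/
# Import server.crt.der into the JVM trust store. This file is not created by the commands above and must exist in the current directory.
sudo keytool -keystore "$JAVA_HOME/lib/security/cacerts" -alias postgresql -import -file server.crt.der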

I used locate jdbc to get the path for JAVA_HOME.
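A post-setup check for the files the script produces, added here as an example and not part of the original post or the author's script: it confirms that the private key files grant nothing to group or other, and that postgresql.pk8 and postgresql.der carry the same public key. The function names are hypothetical, and it assumes GNU stat (Linux) and the openssl CLI.

```shell
#!/bin/sh
# Added example: checks on the client key material created by the script above.
# Assumes GNU stat (Linux) and the openssl CLI; function names are illustrative.

# Succeeds only if FILE exists and grants no group/other permissions.
perms_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ "$(( 0$mode & 077 ))" -eq 0 ]
}

# Succeeds only if the PKCS#8 key and the DER certificate in DIR share one public key.
key_matches_cert() {
    key_pub=$(openssl pkey -inform DER -in "$1/postgresql.pk8" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -inform DER -in "$1/postgresql.der" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Runs both checks over DIR, reports each finding, returns non-zero on any failure.
check_client_material() {
    dir=$1
    rc=0
    for f in postgresql.key postgresql.pk8; do
        if [ -e "$dir/$f" ] && ! perms_ok "$dir/$f"; then
            echo "FAIL: $dir/$f is accessible to group/other" >&2
            rc=1
        fi
    done
    if ! key_matches_cert "$dir"; then
        echo "FAIL: postgresql.pk8 and postgresql.der do not match" >&2
        rc=1
    fi
    return "$rc"
}

# Usage: sudo sh check.sh /var/lib/rundeck/.postgresql
if [ -n "${1:-}" ]; then
    check_client_material "$1"
fi
```
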

As always, I hope this helps!

(For better formatting you can look at the script on my gitlab: https://gitlab.com/k-caps/linux-scripts/-/blob/master/rundeck/connect_to_pg_ssl.sh)
