+8
With FME Desktop 2019 and newer, Postgres and Postgis support SSL, this mode has different options as shown below in the screenshot.
By default: Value is set to Disable
For Verify-CA and Verify-Full, options the root certificate needs to be stored when connecting to RDS instances.
+8
For FME Desktop
The certificate required to be stored at
C:\Users\<username>\AppData\Roaming\postgresql\root.cer
For FME Server
Engine with LocalService Account
C:\Windows\system32\config\systemprofile\AppData\Roaming/postgresql/root.crt
Engine with Interactive Account
C:\Users\<username>\AppData\Roaming\postgresql\root.cer
How to generate the certificate for Amazon RDS Postgres instances
On Window 10 using Powershell
wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -O C:\Users\<username>\AppData\Roaming\postgresql\root.cer
+11
For clarity, the above information is for a connection where FME is using SSL to connect to the database and provides a root.cer for the database server in the connection to establish SSL. It doesn't use the public/private key pair.
For anyone working with FME and Postgres Database where the database is set to "only allow SSL connections", or two-way... you'll find that the Postgres Formats won't work because there appears to be no way to provide the client-cert or client-key. (ISSUE filed to investigate this)
I explored this on both Windows and macOS. Same outcome, and no joy. Please let us know if this is something you'd like to see supported.
However, a workaround would be to use the JDBC Format where you can use additional connection parameters to pass to the database when making the connection. See the screengrab for the connection parameters you'll need to add to the JDBC Database Connection.
If you have other information related to x509, two-way connections with Postgres from FME please do share. I'll profess I'm no expert in this. Maybe one of the FME Scholars has found a way to get x509 required connections working with the Postgres Reader/Writers... Would love to hear.
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.