Although it is not enabled by default, it is possible to encrypt the connections to your Oracle, SQL, or PostgreSQL repositories using SSL as part of your installation or initialization. This encrypts the network and protects your connections.
The typical use cases that require encrypted repository connections are where you have a single network infrastructure, but you want to encrypt the data that flows between the machines internally; or where your network Traffic goes to another database in another network infrastructure. For example, your database is on an external network infrastructure to your Pyramid cluster.
Installation Types
Encrypted repository connections are driven by a flag to Enforce SSL (enforceDbSsl in unattended/file-based installations) that is supplied as part of the standard installation process.
- For more information about the installation processes, see Installation Guides.
Note: It is worth noting that your installation type constrains which server types you can install. For example, Kubernetes installations support only PostgreSQL and SQL servers.
Supported Certificates
When you enforce SSL:
- You can use a public certificate or upload your own self-signed certificates.
- You can upload one ZIP file that contains any number of base64 encoded PEM files. Each of the PEM files can only contain a single certificate. If more than one certificate is present within a file, the first one will be the only one loaded into the product.
How do I replace or refresh my certificates?
If you set up an installation with SSL encryption enabled and then, say, your certificate expires, or you want to refresh your certificates for security and maintenance reasons, you should contact Pyramid support for assistance. We will help you to refresh or replace your certificate.