
Configure SSL

To use SSL to connect to Amazon Redshift, you need to configure the Secure Agent for SSL and enable SSL through the JDBC URL in the Amazon Redshift V2 connection properties.
    1. Download the Amazon Redshift certificate from the following location: https://s3.amazonaws.com/redshift-downloads/redshift-ssl-ca-cert.pem.
    2. At the command prompt, run the following command to add the certificate file to the key store: ${JAVA_HOME}/bin/keytool -keystore ${JAVA_HOME}/lib/security/cacerts -import -alias <string_value> -file <certificate_filepath>.
    3. In Administrator, select Runtime Environments.
    4. Select the Secure Agent from the list of Secure Agents.
    5. In the upper-right corner, click Edit.
    6. In the System Configuration Details section, change the Type to DTM.
    7. Click the Edit Agent Configuration icon next to JVMOption1 and add the following command: -Djavax.net.ssl.trustStore=<keystore_name>.
    8. Click the Edit Agent Configuration icon next to JVMOption2 and add the following command: -Djavax.net.ssl.trustStorePassword=<password>.
    9. Add the following parameter to the JDBC URL that you specify in the Amazon Redshift V2 connection properties: ssl=true.
       For example, jdbc:redshift://mycluster.xyz789.us-west-2.redshift.amazonaws.com:5439/dev?ssl=true.
    10. Click OK to save your changes.

Configure SSL with the serverless runtime environment

You can use the serverless runtime environment in an Amazon Redshift V2 connection to connect to an SSL-enabled Amazon Redshift database.
Before you configure a secure Amazon Redshift V2 connection using the serverless runtime environment, perform the following tasks:
Add the SSL certificate in the Amazon S3 bucket or Azure container
Perform the following steps to configure an SSL connection in a serverless runtime environment:
  1. Create the following structure for the serverless agent configuration in AWS or Azure: <Supplementary file location>/serverless_agent_config
  2. Add the certificate name and source path in the Amazon S3 bucket or Azure container in the following location in your AWS or Azure account: <Supplementary file location>/serverless_agent_config/SSL
Configure the .yml serverless configuration file
Perform the following steps to configure the .yml serverless configuration file in the serverless runtime environment and add the certificate name and path entries so that Amazon Redshift V2 Connector can use SSL:
  1. Copy the following code snippet to a text editor:
       version: 1
       agent:
         agentAutoApply:
           general:
             sslStore:
               - fileCopy:
                   sourcePath: SSL/<cert_name>
               - importCerts:
                   certName: <cert_name>
                   alias: <alias name of the certificate>
     where the source path is the directory path of the certificate files in AWS or Azure.
  2. Ensure that the syntax and indentations are valid, and then save the file as serverlessUserAgentConfig.yml in the following AWS or Azure location: <Supplementary file location>/serverless_agent_config
     When the .yml file runs, the SSL certificates are copied from the AWS or Azure location to the serverless agent directory.
Configure the serverless environment
Configure the JVMOption1 and JVMOption2 properties for SSL in the serverless runtime environment:
  1. Navigate to your serverless runtime environment properties, and click Edit.
  2. On the Runtime Configuration Properties tab, click JVMOption1 and add the following property:
     -Djavax.net.ssl.trustStore=/home/cldagnt/SystemAgent/jdk/jre/lib/security/cacerts
  3. Click JVMOption2 and add the following property:
     -Djavax.net.ssl.trustStorePassword=changeit
  4. Click Save.
  5. Redeploy the runtime environment.
Configure the connection properties to use SSL
After you set the runtime properties in the serverless runtime environment, specify ssl=true in the JDBC URL connection property.
For example, jdbc:redshift://mycluster.xyz789.us-west-2.redshift.amazonaws.com:5439/dev?ssl=true
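
A check for the three values set in both procedures above (JVMOption1, JVMOption2 and the JDBC URL) before you save or redeploy. This is an added example, not Informatica or Amazon code. The function names are hypothetical, and the sslfactory check relies on the Redshift JDBC driver's NonValidatingFactory option, which this page does not cover.

```python
import re

REQUIRED_PROPS = ("javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword")


def check_jvm_options(options):
    """Return the problems found in the JVMOption1/JVMOption2 values."""
    problems, props = [], {}
    for opt in options:
        # A system property is "-D<name>=<value>", with no space after the hyphen.
        m = re.fullmatch(r"-D([\w.]+)=(\S.*)", opt.strip())
        if m:
            props[m.group(1)] = m.group(2)
        else:
            problems.append(f"malformed JVM option: {opt!r}")
    for name in REQUIRED_PROPS:
        if name not in props:
            problems.append(f"{name} is not set")
    return problems


def check_jdbc_url(url):
    """Return the problems found in the Amazon Redshift JDBC URL."""
    if not url.startswith("jdbc:redshift://"):
        return [f"not a Redshift JDBC URL: {url!r}"]
    problems = []
    if re.search(r"\s", url):
        problems.append("URL contains whitespace")
    params = {}
    for pair in re.split(r"[&;]", url.partition("?")[2]):
        key, sep, value = pair.partition("=")
        if sep:
            params[key.strip().lower()] = value.strip()
    if params.get("ssl", "").lower() != "true":
        problems.append("ssl=true is not set")
    # Assumption beyond this page: this driver option skips certificate validation,
    # so the certificate imported into the trust store would never be checked.
    if params.get("sslfactory", "").endswith("NonValidatingFactory"):
        problems.append("sslfactory skips server certificate validation")
    return problems


if __name__ == "__main__":
    # Constructed sample values with a stray space in the option and in the host name.
    opts = ["- Djavax.net.ssl.trustStore=cacerts",
            "-Djavax.net.ssl.trustStorePassword=changeit"]
    url = "jdbc:redshift://mycluster.xyz789.us-west- 2.redshift.amazonaws.com:5439/dev?ssl=true"
    for problem in check_jvm_options(opts) + check_jdbc_url(url):
        print("FAIL:", problem)
```
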