New Certificate Hub deployments no longer support an internal database. Instead, these deployments use an external database with the following requirements.
DBMS
The external Certificate Hub database must be hosted on the following Database Management System (DBMS).
DBMS | Version |
|---|---|
PostgreSQL | 15 or higher |
Packages
Pre-packaged PostgreSQL packages typically include the postgresql-contrib subpackage. If not included, install this subpackage to obtain some of the required extensions.
https://www.postgresql.org/docs/current/contrib.html
Database storage
Calculate the required database storage based on the expected certificates and reports. For example, 1G storage is enough for 25,000 certificates and a few weeks of reports.
Data | Quantity | Bytes/Item | Total |
|---|---|---|---|
Certificates | 25,000 certificates | 20 KB/certificate | 500 MB |
Reports | 200 reports | 1 MB/report | 200 MB |
700 MB | |||
Database permissions
To create an external database user with sufficient permissions, connect to PSQL using the default PostgreSQL user and execute the following commands.
CREATE USER ${POSTGRES_USER} WITH NOSUPERUSER CREATEDB ENCRYPTED PASSWORD '${POSTGRES_PWD}';\c postgres ${POSTGRES_USER}CREATE DATABASE certhub;\c certhub ${POSTGRES_USER}CREATE EXTENSION IF NOT EXISTS pg_trgm;Where:
${POSTGRES_USER}is the value of thePOSTGRES_USER configuration setting.${POSTGRES_PWD}is the value of thePOSTGRES_PWD configuration setting.
See Configuring the deployment for a description of both settings.
Database SSL connection
Certificate Hub only supports SSL-protected connections with the PostgreSQL database.
Database names
Database names should not use uppercase letters to avoid case sensitivity problems. Unquoted identifiers in SQL syntax are converted to lowercase, which can lead to problems when mapping to a name with uppercase letters.