By default, communications between Certificate Enrollment Gateway and the external database are unencrypted. It is recommended that you configure secure communications between Certificate Enrollment Gateway and the database. Configuring the database for secure communications requires configuring the database to use SSL/TLS communications. For instructions about configuring the database for SSL/TLS, see the database documentation. 

When configuring Certificate Enrollment Gateway, you must configure the database connection settings. When connecting to the database over SSL/TLS, Certificate Enrollment Gateway requires one of the following files:

• When using the default database connection settings for PostgreSQL or Microsoft SQL Server, Certificate Enrollment Gateway requires a CA certificates file in PEM format to validate the database server certificate.
• When using a custom JDBC connection string to connect to the database, Certificate Enrollment Gateway requires the PEM or P12 certificate file referenced in the JDBC connection string.