You can store Certificate Enrollment Gateway data in an external PostgreSQL database. This topic describes how to deploy a PostgreSQL database for Certificate Enrollment Gateway.

To deploy a PostgreSQL database for Certificate Enrollment Gateway

  1. Download the PostgreSQL database from https://www.postgresql.org.
  2. Install PostgreSQL according to the instructions in the PostgreSQL documentation. As you install PostgreSQL:
    1. Enter and record the password for the database superuser. You need this password later. By default, the database superuser is named postgres.
    2. Enter and record the port used to connect to the database. You need this port later. By default, the port is 5432.
  3. Create a database user for Certificate Enrollment Gateway:
    1. On the PostgreSQL server, navigate to the directory containing the PostgreSQL createuser command.
    2. Enter the following command to create a new database user for Certificate Enrollment Gateway: 
      createuser -U <superuser> -P <user>
      Where:
      • <superuser> is the name of the database superuser.
      • <user> is the name of the new database user.
    3. For example: 
      createuser -U postgres -P ceguser
    4. When prompted, enter a password for the new database user.
    5. When prompted, confirm the password by entering it again.
    6. When prompted, enter the password of the database superuser.
  4. Create a new database instance for Certificate Enrollment Gateway:
    1. On the PostgreSQL server, navigate to the directory containing the PostgreSQL createdb command.
    2. Enter the following command to create a new database instance for Certificate Enrollment Gateway: 
      createdb -U <superuser> -O <user> <database>
      Where:
      • <superuser> is the name of the database superuser.
      • <user> is the name of the database user you created in the previous step. This database user will own the new database instance.
      • <database> is the name of the new database instance.
    3. For example:
      createdb -U postgres -O ceguser ceg
    4. When prompted, enter the password of the database user.
  5. Configure PostgreSQL to allow connections from Certificate Enrollment Gateway:
    1. In the postgresql.conf file, modify the listen_addresses setting to include the address of the appliance hosting Certificate Enrollment Gateway.
    2. In the pg_hba.conf file, enable host-based authentication for the appliance hosting Certificate Enrollment Gateway. For example:
      host ceg ceguser server.example.com scram-sha-256
      For details about this file, see the PostgreSQL documentation.
    3. Restart PostgreSQL for the changes to take effect.
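
An added example, not part of the original procedure or of the product's tooling: a shell function that audits pg_hba.conf for records that can match the ceg database and ceguser user from step 5. PostgreSQL applies the first record that matches a connection, so a broader record placed above the scram-sha-256 line decides how the gateway authenticates. The function name audit_hba, the sample file and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Usage: audit_hba DB USER [FILE]   (reads stdin when FILE is omitted)
# Reports pg_hba.conf records that can match DB/USER and either use a weak
# auth method or accept any client address. Matching is simplified: only
# literal names, comma lists and "all" are recognised (assumption).
audit_hba() {
    db=$1; user=$2; shift 2
    awk -v db="$db" -v user="$user" '
    function names(field, want,    n, i, parts) {
        n = split(field, parts, ",")
        for (i = 1; i <= n; i++)
            if (parts[i] == want || parts[i] == "all") return 1
        return 0
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
    {
        if (!names($2, db) || !names($3, user)) next
        if ($1 == "local") {
            addr = "(socket)"; method = $4
        } else {
            addr = $4
            # "address netmask method" form: method moves to field 6
            method = ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) ? $6 : $5
        }
        if (method == "trust" || method == "password" || method == "md5")
            printf "line %d: WEAK-METHOD %s (%s %s)\n", NR, method, $1, addr
        if (addr == "all" || addr == "0.0.0.0/0" || addr == "::/0")
            printf "line %d: ANY-ADDRESS %s (%s %s)\n", NR, addr, $1, method
    }' "$@"
}

# Constructed sample: line 4 is the record from step 5; lines 3 and 5 are
# the kind of leftover records the audit is meant to surface.
sample_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER     ADDRESS             METHOD
local   all       postgres                     peer
host    all       all      0.0.0.0/0           md5
host    ceg       ceguser  server.example.com  scram-sha-256
host    ceg       ceguser  192.0.2.10 255.255.255.255 trust
EOF
}

sample_hba | audit_hba ceg ceguser
```

To check a real file, pass its path as the third argument; no output means no matching record tripped either check.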