When deployed, Certificate Authority adds the following database requirements.

Database management system

Certificate Authority supports the following Database Management Systems (DBMS).

Database storage

Calculate the required database storage based on the expected data.

Database platform

Check the DBMS documentation for the DBMS requirements on each platform. In the case of PostgreSQL, we recommend downloading the official Docker image:

https://hub.docker.com/_/postgres 

If you are not using this Docker image, make sure to install the pg_trgm extension by running this command. 

Database user permissions

The database user must have permissions on the public schema.

For example, to create a PostgreSQL database user with sufficient permissions, connect to PSQL using the default PostgreSQL user and execute the following commands.

Where:

• ${POSTGRES_USER} is the database user name.
• ${POSTGRES_PWD} is the database user password.

Database allowed connections

Restrict database incoming connections to those originating from the Cryptographic Security Platform host.

To restrict incoming connections on a PostgreSQL database

1. Edit the following PostgreSQL configuration file.

   pg_hba.conf

2. Add the following line.

   hostssl cm ${POSTGRES_USER} <host> scram-sha-256

   Where <host> is the IP address of the Cryptographic Security Platform host.

Database supported number of connections

The Certificate Authority database must support:

• 272 connections in single-node deployments
• 544 in multinode ones

Database TLS certificate

In TLS-protected connections with the database, the TLS certificate of the database must include the IP address or hostname Cryptographic Security Platform will use to connect with the database. You can alternatively:

• Set the hostname or IP address in the CN attribute of the certificate subject.
• Set the hostname in a SAN attribute of the dNSName type.
• Set the IP address in a SAN attribute of the iPAddress type.