Connect your distributed EOP installation to an Amazon RDS database instance, via an encrypted TLS connection.
- Create a TrustStore containing certificates employed by Amazon RDS as detailed here.
- Copy this TrustStore file to each of your EOP nodes in a location that the contrast-server process will be able to read them from (e.g. under
- Configure the JDBC URL on each of your EOP nodes to require SSL (TLS), by modifying the value of the
jdbc.urlparameter in the
database.propertiesfile using the encrypted properties editor as documented here) as follows:
&characters in the password for this reason.
your_rds_urlwith the URL to your RDS instance
file:///path/to/rds-truststore.jkswith the full path to the location you placed the truststore file in step 2
changeitwith the password you specified in step 1
Quit and save the changes. Restart your contrast-server process.
jdbc.url). For EOP installations lower than 3.8.10 you can do so by adding
enabledTLSProtocols=TLSv1.2. For EOP versions 3.8.10 or greater (which use the mariadb driver) use