psql "host=<endpoint> user=<userid> dbname=<databasename> port=<port> sslm
ode=verify-ca sslrootcert=<certificate>"
Where:
• <endpoint> is the Endpoint you recorded in the previous step.
• <userid> is a user ID with permissions to connect to the cluster.
• <databasename> is the Database Name you recorded in the previous step.
• <port> is the Port you recorded in the previous step.
• <certificate> is the full path to the certificate file. On Windows systems, the certificate path
must be specified using Linux-style / separators instead of the Windows \ separator.
For example:
psql "host=examplecluster.<XXXXXXXXXXXX>.us-east-1.redshift.amazonaws.com
user=masteruser dbname=dev port=5439 sslmode=verify-ca sslrootcert=C:/MyDown
loads/redshift-ssl-ca-cert.pem"
4. At the psql password prompt, enter the password for the <userid> user.
You are connected to the cluster, and you can interactively enter commands.
Connect to Your Cluster Using SSL
To support Secure Sockets Layer (SSL) connections, Amazon Redshift creates and installs an SSL
certificate on each cluster.These certificates are signed by a public certificate authority. The public key
is stored at https://s3.amazonaws.com/redshift-downloads/redshift-ssl-ca-cert.pem.
Important
SSL support in Amazon Redshift is strictly for encrypting the connection between your client and
your cluster; it should not be relied on for authenticating the server.To authenticate the server,
install the public key (.pem file) for the SSL certificate on your client and use the key to connect
to your clusters.
By default, cluster databases accept a connection whether it uses SSL or not. To configure your cluster
to require an SSL connection, set the require_ssl parameter to true in the parameter group that is
associated with the cluster. For information about modifying a parameter group, see Modifying a Parameter
Group (p. 44).
Connect Using the Server Certificate in Java
Security Sockets Layers (SSL) provides one layer of security by encrypting data that moves between
your client and cluster. Using a server certificate provides an extra layer of security by validating that the
cluster is an Amazon Redshift cluster. It does so by checking the server certificate that is automatically
installed on all clusters that you provision. For more information about using server certificates with JDBC,
go to http://jdbc.postgresql.org/documentation/81/ssl-client.html.
This topic explains how to add the Amazon Redshift certificate to a Java keystore.The instructions assume
that the Java installation indicated by your JAVA_HOME environment variable is used by the client you
use to connect to your cluster. Additionally, we recommend that you run the commands in the task as
root user.
API Version 2012-12-01
105
Amazon Redshift Management Guide
Connect to Your Cluster Using SSL
To Next Page
Loading...
Need help?
General
