Implemented SSL on the APM Postgres server and modified the EM tess-db-cfg.xml file to have "ssl=true" in the connection url i.e.
However after restart the EM connection to the APM DB fails with messages "Connections could not be acquired from the underlying database".
Also the postgresql log contains these messages "could not accept SSL connection: sslv3 alert certificate unknown"
Using the steps at the bottom of this page to add url parameter "ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory" the SSL certificate validation was disabled and the DB connection was successful after EM restart:
That indicated the root cause was most likely the Postgres client (EM) not having not having the Postgres server certificate imported into its java certificate store i.e. if using default jre installed with EM the file EM_HOME/jre/lib/security/cacerts
After importing the Postgres server certificate into EM_HOME/jre/lib/security/cacerts using the steps in the above Postgres URL and removing the "ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory" property the DB connection problem was confirmed as resolved after EM restart.