Skip to main content
The SQL service endpoint can make use of TLS. The SQL service always has TLS functionality enabled and active. The database allows connections either unencrypted, or using TLS/SSL. The certificates used to establish SSL connections are located in the directory specified by certificateStore/path in the rolehostd.conf YAML file, which is /var/opt/ocient by default. The certificate files need to exist on the SQL Nodes for connecting using JDBC.
Text
/var/opt/ocient/server.crt
/var/opt/ocient/server.key
/var/opt/ocient/server-ca.crt
The server first looks for the certificate or key files named server.crt and server.key in that directory. Those files should be stored in PEM format. If those files do not exist, the database uses the same ocient.crt and ocient.key that are used for the internal cluster authentication. The server.crt and server.key files should be used to provide user-defined certificates to the database. When these files are in place, restart the services, and they automatically make use of TLS and the specified certificate. By default, the database allows both encrypted and unencrypted database (JDBC) connections, even if the specified server.crt and server.key files exist. Connect to Ocient
Last modified on May 27, 2026