Secure Connections Using TLS

The SQL service endpoint can make use of TLS.

The SQL service will always have TLS functionality enabled and active.

The database allows connections either unencrypted or using TLS/SSL. The certificates used to establish SSL connections are located in the directory specified by certificateStore/path in the YAML rolehostd.conf file, which is /var/opt/ocient by default. The certificate files need to exist on the SQL Nodes for connecting using JDBC.


The server first looks for certificate or key files named server.crt and server.key in that directory. Those files should be stored in PEM format. If those files do not exist, the database will use the same ocient.crt and ocient.key that are used for the internal cluster authentication. The server.crt and server.key files should be used to provide user-defined certificates to the database.

When these files are in place, restart the services and they will automatically make use of TLS and the specified certificate.
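A pre-restart check for the lookup order described above, as an added example that is not Ocient tooling: it reports which pair the server would pick up from the certificate store and whether that pair loads as PEM with a key that matches the certificate. The function names are hypothetical, and treating a lone server.crt or server.key as an error is an assumption, since the page does not say how the server handles that case.

```python
import os
import ssl
import sys

# Default certificateStore/path and the file names, as given on this page.
DEFAULT_STORE = "/var/opt/ocient"
USER_PAIR = ("server.crt", "server.key")
CLUSTER_PAIR = ("ocient.crt", "ocient.key")


def select_pair(store):
    """Return (cert_path, key_path, source) following the documented lookup order."""
    have = [os.path.isfile(os.path.join(store, name)) for name in USER_PAIR]
    if any(have) and not all(have):
        # Assumption: half a user pair is a mistake, not an intended configuration.
        raise ValueError("only one of server.crt/server.key is present")
    names, source = (USER_PAIR, "user") if all(have) else (CLUSTER_PAIR, "cluster")
    return os.path.join(store, names[0]), os.path.join(store, names[1]), source


def check_store(store=DEFAULT_STORE):
    """Return a list of findings; an empty list means the user pair loaded cleanly."""
    try:
        cert, key, source = select_pair(store)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if source == "cluster":
        # The internal cluster pair would also be what SQL clients are shown.
        findings.append("no user-defined pair; falling back to ocient.crt/ocient.key")
    try:
        # Parses both PEM files and verifies that the private key matches the certificate.
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert, key)
    except OSError as exc:  # ssl.SSLError and FileNotFoundError are both OSError
        findings.append(f"{source} pair failed to load as PEM: {exc}")
    return findings


if __name__ == "__main__":
    store_dir = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_STORE
    problems = check_store(store_dir)
    for line in problems:
        print("FINDING:", line)
    sys.exit(1 if problems else 0)
```

Run it on each SQL Node with the certificate store path as the only argument; exit status 0 means server.crt and server.key are present, valid PEM, and belong together.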

By default, the database allows both encrypted and unencrypted database (JDBC) connections, even if user-provided server.crt and server.key exist.
