> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ocient.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Secure Connections Using TLS

The SQL service endpoint can make use of TLS.

The SQL service always has TLS functionality enabled and active.

The database allows connections either unencrypted, or using TLS/SSL. The certificates used to establish SSL connections are located in the directory specified by `certificateStore/path` in the `rolehostd.conf` YAML file, which is `/var/opt/ocient` by default.

The certificate files need to exist on the SQL Nodes for connecting using JDBC.

```Text Text theme={null}
/var/opt/ocient/server.crt
/var/opt/ocient/server.key
/var/opt/ocient/server-ca.crt
```

The server first looks for the certificate or key files named `server.crt` and `server.key` in that directory. Those files should be stored in PEM format. If those files do not exist, the database uses the same `ocient.crt` and `ocient.key` that are used for the internal cluster authentication. The `server.crt` and `server.key` files should be used to provide user-defined certificates to the database.

When these files are in place, restart the services, and they automatically make use of TLS and the specified certificate.

By default, the database allows both encrypted and unencrypted database (JDBC) connections, even if the specified `server.crt` and `server.key` files exist.

## Related Links

[Connect to Ocient](/connect-to-ocient)