Secure Connections Using TLS

the sql service endpoint can make use of tls the sql service always has tls functionality enabled and active the database allows connections either unencrypted, or using tls/ssl the certificates used to establish ssl connections are located in the directory specified by certificatestore/path in the rolehostd conf yaml file, which is /var/opt/ocient by default the certificate files need to exist on the sql nodes for connecting using jdbc /var/opt/ocient/server crt /var/opt/ocient/server key /var/opt/ocient/server ca crt the server first looks for the certificate or key files named server crt and server key in that directory those files should be stored in pem format if those files do not exist, the database uses the same ocient crt and ocient key that are used for the internal cluster authentication the server crt and server key files should be used to provide user defined certificates to the database when these files are in place, restart the services, and they automatically make use of tls and the specified certificate by default, the database allows both encrypted and unencrypted database (jdbc) connections, even if the specified server crt and server key files exist related links docid\ tyktrvrfpdxdnt9gnwbrh