SSL Certificates

Server Configuration

After a GaussDB(DWS) cluster is deployed, the SSL authentication mode is enabled by default. The server certificate, private key, and root certificate have been configured by default.

SSL Certificate and Client Configuration

You need to configure the client.

1. You can download an SSL certificate from GaussDB(DWS).

   Log in to the GaussDB(DWS) management console. In the navigation pane, choose Connections. In the Driver area, click download an SSL certificate.

   

2. Decompress the downloaded dws_ssl_cert.zip package to obtain the certificate file. Click the SSL tab on the Data Studio client and set the following parameters:

   Table 1 SSL parameters

   Parameter	Description
   Client SSL Certificate	Select the sslcert\client.crt file in the decompressed SSL certificate directory.
   Client SSL Key	Only the PK8 format is supported. Select the sslcert\client.key.pk8 file in the directory where the SSL certificate is decompressed.
   Root Certificate	When SSL Mode is set to verify-ca or verify-full, the root certificate must be configured. Select the sslcert\cacert.pem file in the decompressed SSL certificate directory.
   SSL Password	SSL key password in PK8 format on the client.
   SSL Mode	GaussDB(DWS) supports the following SSL modes: require verify-ca GaussDB(DWS) does not support the verify-full mode.

   Figure 1 SSL parameters