Help Center/ GaussDB(DWS)/ Tool Guide/ Data Studio/ Configuring SSL Connection
Updated on 2024-12-09 GMT+08:00

Configuring SSL Connection

Data Studio can connect to the database using the Secure Sockets Layer [SSL] option. To use the SSL connection mode, you must configure related parameters on the client or in the application code. The GaussDB(DWS) console provides the SSL certificate required by the client. The SSL certificate contains the default certificate, private key, root certificate, and private key password encryption file required by the client.

Server Configuration

After a GaussDB(DWS) cluster is deployed, the SSL authentication mode is enabled by default. The server certificate, private key, and root certificate have been configured.

SSL Certificate and Client Configuration

You need to configure the client.

  1. You can download an SSL certificate from GaussDB(DWS).

    Log in to the GaussDB(DWS) console. In the navigation pane, choose Management > Client Connections. In the Driver area, click download an SSL certificate.

    Figure 1 Downloading SSL certificate

  2. Decompress the downloaded dws_ssl_cert.zip package to obtain the certificate file. Click the SSL tab on the Data Studio client and set the following parameters:

    Table 1 Configuring SSL parameters

    Parameter

    Description

    Client SSL Certificate

    Select the sslcert\client.crt file in the decompressed SSL certificate directory.

    Client SSL Key

    Only the PK8 format is supported. Select the sslcert\client.key.pk8 file in the directory where the SSL certificate is decompressed.

    Root Certificate

    When SSL Mode is set to verify-ca or verify-full, the root certificate must be configured. Select the sslcert\cacert.pem file in the decompressed SSL certificate directory.

    SSL Password

    Set the password for the client SSL key in PK8 format. The default password is Gauss@MppDB.

    SSL Mode

    Supported SSL modes include:

    • require: The SSL factory does not require verification, nor does it check the certificate validity.
    • verify-ca: The certificate authority (CA) will be verified using the corresponding SSL factory.
    • verify-full: The CA and database will be verified using the corresponding SSL factory.

    GaussDB(DWS) does not support the verify-full mode.

    • You can select a valid Client SSL Certificate and Client SSL Key to export DDL and data from Data Studio using secure connections.
    • If the selected Client SSL Certificate and Client SSL Key are invalid, the export will fail. For details, see Troubleshooting.
    • If you deselect Enable SSL and proceed, the Connection Security Alert dialog box is displayed. Refer to Table 1 to determine whether to display this dialog box.
      • Continue: Continues to use insecure connections.
      • Cancel: Enables SSL.
      • Do not show again: If you select this option, the Connection Security Alert dialog box is not displayed for the subsequent connections of logged Data Studio instances.
    • Data Studio prompts you to enter the client key upon the first access to the gs_dump feature.
    Figure 2 SSL parameters