forked from docs/doc-exports
Lu, Huayi
c5fcb46315
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Lu, Huayi <luhuayi@huawei.com> Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
19 lines
3.7 KiB
HTML
19 lines
3.7 KiB
HTML
<a name="EN-US_TOPIC_0000001180440181"></a><a name="EN-US_TOPIC_0000001180440181"></a>
|
|
|
|
<h1 class="topictitle1">(Optional) Downloading the SSL Certificate</h1>
|
|
<div id="body1512464035130"><p id="EN-US_TOPIC_0000001180440181__p116661558191715">GaussDB(DWS) supports the standard SSL (TLS 1.2). As a highly secure protocol, SSL authenticates bidirectional identification between the server and client using digital signatures and digital certificates to ensure secure data transmission. To support SSL connection, GaussDB(DWS) has obtained the formal certificates and keys for the server and client from the CA certification center. It is assumed that the key and certificate for the server are <strong id="EN-US_TOPIC_0000001180440181__b128851914555">server.key</strong> and <strong id="EN-US_TOPIC_0000001180440181__b12682017125518">server.crt</strong> respectively; the key and certificate for the client are <strong id="EN-US_TOPIC_0000001180440181__b20213114312559">client.key</strong> and <strong id="EN-US_TOPIC_0000001180440181__b3463144613552">client.crt</strong> respectively, and the name of the CA root certificate is <strong id="EN-US_TOPIC_0000001180440181__b1624655295518">cacert.pem</strong>. </p>
|
|
<p id="EN-US_TOPIC_0000001180440181__p106516310478">By default, the SSL function is enabled for a data warehouse cluster (the server) to allow SSL and non-SSL connections from the client. In addition, the certificate, private key, and root certificate of the server have been configured by default.</p>
|
|
<div class="p" id="EN-US_TOPIC_0000001180440181__p149157403555"><span id="EN-US_TOPIC_0000001180440181__text13426410558">If the client or JDBC/ODBC driver needs to use SSL connection</span>, you must configure related SSL connection parameters in the client or application code. The GaussDB(DWS) management console provides the SSL certificate required by the client. The SSL certificate contains the default certificate, private key, root certificate, and private key password encryption file required by the client. Download the SSL certificate to the host where the client resides and specify the path of the certificate on the client.<div class="note" id="EN-US_TOPIC_0000001180440181__note10562173332511"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000001180440181__p272917247717">Using the default certificate may pose security risks. To improve system security, you are advised to periodically change the certificate to prevent password cracking. If you need to replace the certificate, contact the <span>database customer service</span>.</p>
|
|
</div></div>
|
|
</div>
|
|
<p id="EN-US_TOPIC_0000001180440181__p65971014105016">This section describes how to download an SSL certificate.</p>
|
|
<div class="section" id="EN-US_TOPIC_0000001180440181__section76342240557"><h4 class="sectiontitle">Downloading the SSL Certificate File</h4><ol id="EN-US_TOPIC_0000001180440181__ol42234077174739"><li id="EN-US_TOPIC_0000001180440181__li6029015714233"><span>Log in to the GaussDB(DWS) management console.</span></li><li id="EN-US_TOPIC_0000001180440181__li65517091174739"><span>In the navigation pane on the left, click <span class="uicontrol"><b>Connections</b></span>.</span></li><li id="EN-US_TOPIC_0000001180440181__li5284161174739"><span>In the <span class="parmname" id="EN-US_TOPIC_0000001180440181__parmname15032637154523"><b>Driver</b></span> area, click <span class="uicontrol" id="EN-US_TOPIC_0000001180440181__uicontrol1076007154523"><b>download an SSL certificate</b></span>.</span></li></ol>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="dws_01_0093.html">Using the gsql CLI Client to Connect to a Cluster</a></div>
|
|
</div>
|
|
</div>
|
|
|