Configuring MemSQL Ops for Secure Connections

As of version 4.0.31, MemSQL Ops supports SSL secure connections to protect communications between the browser and Ops primary agent. By default, Ops will be reachable via HTTPS on port 9001.

To enable SSL you need a private key and a certificate for MemSQL Ops, issued by a trusted Certificate Authority. In this guide we assume the private key is stored in key.pem and the certificate in cert.pem.

Connect to MemSQL Ops primary agent, then follow the steps below.

  1. Make sure to have your private key key.pem and certificate cert.pem. If you don’t have a key or certificate, you can generate a fresh RSA key and a self-signed certificate (replace location, organization name, and OPS_IP_ADDRESS with the primary agent IP address or hostname, e.g. if you connect to Ops via, then replace OPS_IP_ADDRESS with

    openssl req -x509 -newkey rsa:2048 -sha256 -keyout key.pem -out cert.pem \
    -nodes -subj "/C=US/ST=CA/L=San Francisco/O=My Org/CN=OPS_IP_ADDRESS"
  2. Install the key and certificate in MemSQL Ops user-shell sudo memsql-ops ssl-set-cert -k key.pem -c cert.pem

  3. Restart MemSQL Ops user-shell sudo memsql-ops restart [--ssl-port 9001]

    Make sure the SSL port (default 9001) is open and reachable on your primary agent host.

  4. Reload the web page in the browser.

    Note that, if you have generated a self-signed certificate as above, your browser won’t trust this certificate and will refuse to connect to MemSQL Ops. You may want to ignore the error message or add the self-signed certificate to the browser’s trusted sources. Depending on the browser and operating system, the procedure is slightly different. If not familiar, SingleStore recommends searching the web with keywords add self signed certificate.


    This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. ( This product includes cryptographic software written by Eric Young (

Last modified: October 31, 2023

Was this article helpful?