Configuring SingleStore Tools for Secure Connections

SingleStore Tools support SSL secure connections to protect communications with the SingleStore server. To configure SingleStore Tools to connect with the server securely, you need a certificate for SingleStore Tools, issued by a trusted certificate authority (CA). Then perform either of the following actions to enable SSL.

  • Edit the memsqlctl.hcl configuration file to add the path to the CA certificate file on each host. The path can be absolute or relative to the node’s base directory. For example:

    sslCaFile = path/to/ca-file

    This setting is required in particular when a host contains one or more nodes whose root user is set to REQUIRE SSL.

  • In newer versions of SingleStore (7.1.17+ and 7.3.4+), memsqlctl, and therefore SingleStore Tools, establish SSL connections by default unless the connection fails because of misconfiguration or invalid credentials. In these versions, set the ssl_ca engine variable to the path to the CA certificate file on each node. The file path can be absolute or relative to the node’s base directory. If ssl_ca is not set, publicly trusted system certificates are used.
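A preflight check for the first option, as an added example (not SingleStore's own code): it reads the text of a memsqlctl.hcl, resolves sslCaFile against the node's base directory as described above, and confirms the file loads and holds at least one CA certificate. The function names are hypothetical, and the one-line regex stands in for a full HCL parser.

```python
import re
import ssl
from pathlib import Path

# Accepts both the unquoted form shown on the page and a quoted HCL string.
# Commented-out lines ("# sslCaFile = ...") do not match.
_SSL_CA_RE = re.compile(
    r'^[ \t]*sslCaFile[ \t]*=[ \t]*"?([^"\n#]+?)"?[ \t]*(?:#.*)?$', re.M
)


def resolve_ca_path(hcl_text, node_base_dir):
    """Return the CA path named by sslCaFile, or None if it is unset.

    Relative paths are resolved against the node's base directory.
    """
    match = _SSL_CA_RE.search(hcl_text)
    if match is None:
        return None
    path = Path(match.group(1).strip())
    return path if path.is_absolute() else Path(node_base_dir) / path


def check_ca_file(ca_path):
    """Return (ok, detail); ok is True only if the file holds a CA certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=str(ca_path))
    except OSError as exc:  # missing file, or ssl.SSLError for bad/empty PEM
        return False, f"cannot load {ca_path}: {exc}"
    cas = ctx.get_ca_certs()  # lists only certificates flagged as CAs
    if not cas:
        return False, f"{ca_path} holds no CA certificate (leaf certificate?)"
    return True, f"{len(cas)} CA certificate(s); first expires {cas[0]['notAfter']}"


def preflight(hcl_text, node_base_dir):
    """Check the sslCaFile setting for one node before relying on it."""
    ca_path = resolve_ca_path(hcl_text, node_base_dir)
    if ca_path is None:
        return False, "sslCaFile is not set in memsqlctl.hcl"
    return check_ca_file(ca_path)


if __name__ == "__main__":
    # Constructed sample config and base directory, for illustration only.
    sample = 'version = 1\nsslCaFile = "certs/ca.pem"\n'
    print(preflight(sample, "/var/lib/memsql/node1"))
```

Run it on each host against the real memsqlctl.hcl and node base directory; a False result means the tools would have no usable CA to validate the server certificate against.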

Last modified: June 22, 2022

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined
  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined
  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
    cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
    --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
    --bundle undefined \
    --new-bundle-format -

    Verified OK