Server Configuration for Secure Client Connections
On this page
This section describes how to enable secure connections between clients and the SingleStore cluster, but not between nodes within the SingleStore cluster.ssl_
and ssl_
settings on all aggregators.
Note that, depending on the client configuration, a client connecting to SingleStore may or may not use a secure connection even when SSL is enabled on the server.
SingleStore Tools
-
Place
server-cert.
andpem server-key.
files in thepem certs
directory on each aggregator in the cluster.You can copy the files from the Generating SSL Certificates section to all aggregators. Note that the
certs
directory and its contents must be owned by thememsql
user and group (e.g. , chown -R memsql:memsql <directory>
after copying the certificates todirectory
). -
Update the SingleStore configuration for all aggregators (it is also fine to configure all nodes) to set the
ssl_
andcert ssl_
settings to the paths to thekey server-cert.
andpem server-key.
files, respectively.pem These can be absolute paths, or relative to the SingleStore installation directory. You can do this by using sdb-admin update-config
.For example: sdb-admin list-nodes -q -r aggregator | xargs bash -c '</dev/tty sdb-admin update-config --key ssl_cert --value ./certs/server-cert.pem --memsql-id "$@"' memsqlsdb-admin list-nodes -q -r master | xargs bash -c '</dev/tty sdb-admin update-config --key ssl_cert --value ./certs/server-cert.pem --memsql-id "$@"' memsqlsdb-admin list-nodes -q -r aggregator | xargs bash -c '</dev/tty sdb-admin update-config --key ssl_key --value ./certs/server-key.pem --memsql-id "$@"' memsqlsdb-admin list-nodes -q -r master | xargs bash -c '</dev/tty sdb-admin update-config --key ssl_key --value ./certs/server-key.pem --memsql-id "$@"' memsql -
Alternatively, edit the
memsql.
file on all aggregators to add the certificate paths in thecnf [server]
section.For example: ssl_cert = ./certs/server-cert.pem ssl_key = ./certs/server-key.pem
-
Restart all SingleStore aggregators.
sdb-admin restart-node --all
MemSQL Ops
-
Place
server-cert.
andpem server-key.
files in thepem certs
directory on each aggregator in the cluster.You can copy the files from the Generating SSL Certificates section to all aggregators. Note that the
certs
directory and its contents must be owned by thememsql
user and group (e.g. , chown -R memsql:memsql <directory>
after copying the certificates todirectory
). -
Update the SingleStore configuration for all aggregators (it is also fine to configure all nodes) to set the
ssl_
andcert ssl_
settings to the paths to thekey server-cert.
andpem server-key.
files, respectively.pem These can be absolute paths, or relative to the SingleStore installation directory. You can do this by using memsql-ops memsql-update-config
.For example: memsql-ops memsql-list -q -r aggregator | xargs memsql-ops memsql-update-config --key ssl_cert --value ./certs/server-cert.pemmemsql-ops memsql-list -q -r master | xargs memsql-ops memsql-update-config --key ssl_cert --value ./certs/server-cert.pemmemsql-ops memsql-list -q -r aggregator | xargs memsql-ops memsql-update-config --key ssl_key --value ./certs/server-key.pemmemsql-ops memsql-list -q -r master | xargs memsql-ops memsql-update-config --key ssl_key --value ./certs/server-key.pem -
Alternatively, edit the
memsql.
file on all aggregators to add the certificate paths in thecnf [server]
section.For example: ssl_cert = ./certs/server-cert.pem ssl_key = ./certs/server-key.pem
-
Restart all SingleStore aggregators.
memsql-ops memsql-restart --all
Last modified: April 26, 2023