Configuring SingleStore Tools for Secure Connections
SingleStore Tools support SSL secure connections to protect communications with the SingleStoreDB server. To configure SingleStore Tools to connect with the server securely, you need a certificate for SingleStore Tools, issued by a trusted certificate authority (CA). Then perform either of the following actions to enable SSL.
Edit the
memsqlctl.hclconfiguration file to add the path to the CA certificate file on each host. The path can be absolute or relative to the node’s base directory. For example:sslCaFile = path/to/ca-file
Note that this setting is especially required when a host contains one or more nodes with the
rootuser set toREQUIRE SSL.In newer versions of SingleStoreDB (7.1.17+ and 7.3.4+),
memsqlctland therefore SingleStore Tools establish SSL connections by default unless the connection fails because of misconfiguration or invalid credentials. In these versions, set thessl_caengine variable to the path to the CA certificate file on each node. The file path can be absolute or relative to the node’s base directory. Ifssl_cais not set, publicly trusted system certificates will be used.