Configuring SingleStore Tools for Secure Connections

SingleStore Tools support SSL secure connections to protect communications with the SingleStore server. To configure SingleStore Tools to connect with the server securely, you need a certificate for SingleStore Tools, issued by a trusted certificate authority (CA). Then perform either of the following actions to enable SSL.

• Edit the memsqlctl.hcl configuration file to add the path to the CA certificate file on each host. The path can be absolute or relative to the node’s base directory. For example:

  Copy

  sslCaFile = path/to/ca-file

  Note that this setting is especially required when a host contains one or more nodes with the root user set to REQUIRE SSL.

• In newer versions of SingleStore (7.1.17+ and 7.3.4+), memsqlctl and therefore SingleStore Tools establish SSL connections by default unless the connection fails because of misconfiguration or invalid credentials. In these versions, set the ssl_ca engine variable to the path to the CA certificate file on each node. The file path can be absolute or relative to the node’s base directory. If ssl_ca is not set, publicly trusted system certificates will be used.