Server Configuration for Secure Client Connections

SingleStore Tools

1. Place server-cert.pem and server-key.pem files in the certs directory on each aggregator in the cluster. You can copy the files from the Generating SSL Certificates section to all aggregators.

   Note that the certs directory and its contents must be owned by the memsql user and group (e.g., chown -R memsql:memsql <directory> after copying the certificates to directory).

2. Update the SingleStore configuration for all aggregators (it is also fine to configure all nodes) to set the ssl_cert and ssl_key settings to the paths to the server-cert.pem and server-key.pem files, respectively. These can be absolute paths, or relative to the SingleStore installation directory. You can do this by using sdb-admin update-config. For example:

   Shell

   Copy

   sdb-admin list-nodes -q -r aggregator | xargs bash -c '</dev/tty sdb-admin update-config --key ssl_cert --value ./certs/server-cert.pem --memsql-id "$@"' memsql

   Shell

   Copy

   sdb-admin list-nodes -q -r master | xargs bash -c '</dev/tty sdb-admin update-config --key ssl_cert --value ./certs/server-cert.pem --memsql-id "$@"' memsql

   Shell

   Copy

   sdb-admin list-nodes -q -r aggregator | xargs bash -c '</dev/tty sdb-admin update-config --key ssl_key --value ./certs/server-key.pem --memsql-id "$@"' memsql

   Shell

   Copy

   sdb-admin list-nodes -q -r master | xargs bash -c '</dev/tty sdb-admin update-config --key ssl_key --value ./certs/server-key.pem --memsql-id "$@"' memsql

3. Alternatively, edit the memsql.cnf file on all aggregators to add the certificate paths in the [server] section. For example:

   Copy

   ssl_cert = ./certs/server-cert.pem
   ssl_key = ./certs/server-key.pem

4. Restart all SingleStore aggregators.

   Shell

   Copy

   sdb-admin restart-node --all