# Configuring SingleStore Tools for Secure Connections

SingleStore Tools support SSL secure connections to protect communications with the SingleStore server. To configure SingleStore Tools to connect with the server securely, you need a certificate for SingleStore Tools, issued by a trusted certificate authority (CA). Then perform either of the following actions to enable SSL.

* Edit the `memsqlctl.hcl` configuration file to add the path to the CA certificate file on each host. The path can be absolute or relative to the node’s base directory. For example:
  ```
  sslCaFile = path/to/ca-file
  ```
  Note that this setting is especially required when a host contains one or more nodes with the `root` user set to `REQUIRE SSL`.
* In newer versions of SingleStore (7.1.17+ and 7.3.4+), `memsqlctl` and therefore SingleStore Tools establish SSL connections by default unless the connection fails because of misconfiguration or invalid credentials. In these versions, set the `ssl_ca` engine variable to the path to the CA certificate file on each node. The file path can be absolute or relative to the node’s base directory. If `ssl_ca` is not set, publicly trusted system certificates will be used.

***

Modified at: June 22, 2022

Source: [/db/v9.1/security/encryption/ssl-secure-connections/configuring-singlestore-tools-for-secure-connections/](https://docs.singlestore.com/db/v9.1/security/encryption/ssl-secure-connections/configuring-singlestore-tools-for-secure-connections/)

(An index of the documentation is available at /llms.txt)