Configuring SSL Connections

If you are connecting to a MySQL server that has Secure Sockets Layer (SSL) enabled, then you can configure the connector to connect to an SSL-enabled socket and encrypt the connection. When connecting to a server over SSL, the connector supports identity verification between the client and the server.

For detailed information about the options on this page, see SSL Configuration Options.

Configuring an SSL Connection without Identity Verification

You can configure a connection that is encrypted by SSL but does not verify the identity of the client or the server.

To configure an SSL connection without verification:

  1. To access the SSL options, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, then click Configure, and then select the SSL tab.
  2. From the SSL Mode drop-down list, select one of the following options:
    • To use SSL encryption only if the server supports it, select PREFERRED.
    • Or, to require SSL encryption for the connection, select REQUIRED. If the server does not support SSL, the connection fails.
  3. Optionally, in the SSL Cipher field, type a comma-separated list of permitted ciphers for encrypting the connection.
  4. To specify the minimum version of SSL to use, from the Minimum TLS drop-down list, select the minimum version of SSL.
  5. To have the connector use the Windows trust store, select the Use Truststore checkbox.
  6. To save your settings and close the Simba MySQL ODBC Driver DSN Setup dialog box, click OK.

Configuring SSL Identity Verification

You can configure one-way verification so that the client verifies the identity of the MySQL server, or you can configure two-way verification so that the client and the sever both verify each other.

In both cases, you must provide a root certificate from a trusted certificate authority (CA) that the connector can use to check the server's certificate. If you are using two-way verification, then you must also provide a certificate that proves the identity of the client and a private key that encrypts the client certificate.

To configure SSL identity verification:

  1. To access the SSL options, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, then click Configure, and then select the SSL tab.
  2. To specify one or more root certificates from trusted CAs that you want to use to verify the server certificate, do one of the following:
    • To use a specific root certificate, in the SSL Certificate Authority field, specify the full path and name of the .pem file containing the certificate.
    • Or, to provide multiple root certificates, in the SSL CA Path field, specify the full path and name of the directory that contains the certificates. The connector uses the first valid certificate that it finds in the directory.
  3. If two-way identity verification is necessary, do the following:
    1. In the SSL Key field, specify the full path and name of the file that contains the private key used for encrypting the client certificate.
    2. In the SSL Certificate field, specify the full path and name of the .pem file containing the certificate used for proving the identity of the client.
  4. From the SSL Mode drop-down list, select one of the following options:
    • To use SSL encryption and identity verification only if the server supports it, select VERIFY_CA.
    • Or, to require SSL encryption and identity verification for the connection, select VERIFY_IDENTITY. If the server does not support SSL or if identity verification fails, the connection fails.
  5. Optionally, in the SSL Cipher field, type a comma-separated list of permitted ciphers for encrypting the connection.
  6. To specify the minimum version of SSL to use, from the Minimum TLS drop-down list, select the minimum version of SSL.
  7. To have the connector use the Windows trust store, select the Use Truststore check box.
  8. To save your settings and close the Simba MySQL ODBC Driver DSN Setup dialog box, click OK.

Related topics