Configuring SSL Verification
If you are connecting to a Netezza server that has Secure Sockets Layer (SSL) enabled, then you can configure the connector to connect to an SSL-enabled socket. When connecting to a server over SSL, the connector supports identity verification between the client and the server.
Important:
The Simba Netezza ODBC Driver only supports SSL version 3. Other versions are not supported.
The following instructions describe how to configure SSL in a DSN. You can specify the connection settings described below in a DSN, in a connection string, or as connector-wide settings. Settings in the connection string take precedence over settings in the DSN, and settings in the DSN take precedence over connector-wide settings.
For detailed information about the options on this page, see SSL Driver Configuration Options.
To configure SSL verification:
- Configure SSL authentication on your Netezza database. For more information, see "Configuring the SSL Certificate" in the IBM Knowledge Center: http://www.ibm.com/support/knowledgecenter/SSULQD_7.2.1/com.ibm.nz.adm.doc/t_sysadm_config_ssl_certs.html.
- To access the SSL options, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, then click Configure, and then select the SSL DSN Options tab.
- For the Security Level, choose one:
  - To connect over an unsecured connection, select Only Unsecured. The connector does not connect to the data store if an unsecured connection is not available.
  - To connect over an unsecured connection if one is available, select Preferred Unsecured. The connector connects to the data store using an unsecured connection if available; if not, the connector uses a secure connection.
  - To connect over a secure connection if one is available, select Preferred Secured. The connector connects to the data store using a secure connection if available; if not, the connector uses an unsecured connection.
  - To connect over a secure connection, select Only Secured. The connector does not connect to the data store if a secure connection is not available.
- From the SSL Version drop-down list, select the level of SSL/TLS to use for the connection. To use the highest version of TLS/SSL that is supported by both the client and the server, select Default.
- To specify the CA certificates that you want to use to verify the server, do one of the following:
  - To verify the server using the trusted CA certificates from a specific .pem file, specify the full path to the file in the CA Certificate File field and clear the Use Windows Trust Store check box.
  - Or, to use the trusted CA certificates .pem file that is installed with the connector, leave the CA Certificate File field empty, and clear the Use Windows Trust Store check box.
  - Or, to use the Windows Trust Store, select the Use Windows Trust Store check box.
- If you are using the Windows Trust Store, make sure to import the trusted CA certificates into the Trust Store.
- If you are using a specific CA certificate .pem file, make sure that the certificate is stored on the server.
- To allow self-signed certificates from the server, select the Allow Self-signed Certificates check box.
- To allow expired certificates to authenticate the connection, select the Allow Expired Certificates check box.
- To allow the common name of a CA-issued SSL certificate to not match the host name of the Netezza server, select the Allow Host Mismatch check box.
- To save your settings and close the Simba Netezza ODBC Driver DSN Setup dialog box, click OK.
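The precedence rule and the verification options above can be reviewed mechanically. The following Python sketch is an added example, not part of the Simba documentation or the connector: it merges connector-wide, DSN, and connection-string settings in the stated order and reports every effective setting that permits an unsecured connection or relaxes certificate verification. The option names are the dialog labels from this page, used here as assumed keys; the driver's actual connection-string key names are not shown on this page.

```python
# Added example: keys are the dialog labels from this page (assumed names),
# not the driver's real connection-string keys.
SECURITY_LEVELS = {
    "Only Unsecured": "never uses SSL",
    "Preferred Unsecured": "uses SSL only when an unsecured connection is unavailable",
    "Preferred Secured": "falls back to an unsecured connection if SSL is unavailable",
}
RELAXED_CHECKS = {
    "Allow Self-signed Certificates": "server certificate need not chain to a trusted CA",
    "Allow Expired Certificates": "expired server certificates are accepted",
    "Allow Host Mismatch": "certificate common name need not match the server host name",
}


def effective_settings(connector_wide, dsn, connection_string):
    """Merge the three layers; later layers override earlier ones."""
    merged, origin = {}, {}
    for name, layer in (("connector-wide", connector_wide), ("DSN", dsn),
                        ("connection string", connection_string)):
        for key, value in layer.items():
            merged[key], origin[key] = value, name
    return merged, origin


def audit(connector_wide, dsn, connection_string):
    """Return (option, source layer, reason) for every setting that weakens SSL."""
    merged, origin = effective_settings(connector_wide, dsn, connection_string)
    findings = []
    level = merged.get("Security Level")
    if level is None:
        findings.append(("Security Level", "unset", "no level configured in any layer"))
    elif level in SECURITY_LEVELS:
        findings.append(("Security Level", origin["Security Level"], SECURITY_LEVELS[level]))
    elif level != "Only Secured":
        findings.append(("Security Level", origin["Security Level"], f"unknown value {level!r}"))
    for option, reason in RELAXED_CHECKS.items():
        if merged.get(option):
            findings.append((option, origin[option], reason))
    return findings


# Constructed sample: a hardened DSN undone by a connection-string override.
wide = {"Security Level": "Preferred Secured", "Allow Expired Certificates": True}
dsn = {"Security Level": "Only Secured", "Allow Expired Certificates": False,
       "Allow Host Mismatch": False}
conn = {"Allow Host Mismatch": True}
for finding in audit(wide, dsn, conn):
    print(finding)
```

In the constructed sample the DSN is fully hardened, yet the audit still reports Allow Host Mismatch because the connection string overrides the DSN.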