Configuring SSL Verification

Note:

In this documentation, "SSL" refers to both TLS (Transport Layer Security) and SSL (Secure Sockets Layer). The connector supports up to TLS 1.2. The SSL version used for the connection is the highest version that is supported by both the connector and the server.

When connecting to data stores, by default the Windows version of the Simba ServiceNow ODBC Connector uses one-way SSL authentication with peer and host verification. The connector verifies the identity of the server, and the host name specified in the server certificate must match the host name of the server that you are connecting to. To successfully connect to the server, you must either provide the appropriate trusted server certificate or disable peer verification.

Specifying a Server Certificate

The Windows version of the connector enables peer verification by default. The connector uses the certificates in the Windows trust store to verify the server. To add a certificate to the trust store, use the Microsoft Management Console (MMC). For more information, see "Manage Trusted Root Certificates" on Microsoft TechNet: https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx.

Note:

  • If the SystemTrustStore property is enabled (1), the Windows trust store is used.

  • If the SystemTrustStore property is disabled (0), the certificate is taken from the path provided in the TrustCertsPath property.

Disabling SSL Verification

If peer verification is not required for your connection, disable peer verification so that the connector can connect to the data store. You can also disable host verification and SSL encryption, if necessary.

Note:

It is recommended that you keep SSL enabled if possible. SSL encryption protects data and credentials when they are transferred over the network, and provides stronger security than authentication alone.

To disable SSL verification:

  1. Choose one:
    • If you are using Windows 7 or earlier, click Start, then type regedit in the Search field, and then click regedit.exe in the search results.
    • Or, if you are using Windows 8 or later, on the Start screen, type regedit, and then click the regedit search result.

     Then choose one:
    • If you are using the 32-bit connector on a 64-bit machine, then browse to the following registry key, where [DSN_Name] is the name of your DSN:
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ODBC\ODBC.INI\[DSN_Name]

    • Otherwise, browse to the following registry key, where [DSN_Name] is the name of your DSN:
      HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\[DSN_Name]

  2. To disable peer verification so that the connector does not verify the identity of the server, set the UsePeerVerification value to 0.
  3. To disable host verification so that the connector does not require the host name in the server's certificate to match the host name of the server, set the UseHostVerification value to 0.
  4. To disable SSL encryption so that the connector does not connect to the server over SSL, set the UseEncryptedEndpoints value to 0.
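
The following PowerShell script is an added example, not part of the connector documentation. It reads the two registry keys named above without changing them and lists every DSN where UsePeerVerification, UseHostVerification, or UseEncryptedEndpoints has been set to 0, so that weakened connections can be found and reviewed. The function name Get-WeakenedSslSetting is hypothetical, and the script assumes that a value missing from a DSN key means the connector default is in effect.

```powershell
# Added example: read-only audit of system DSNs for weakened SSL settings.
# Run from 64-bit PowerShell so both registry views named on this page are visible.
$OdbcRoots = @(
    'HKLM:\SOFTWARE\ODBC\ODBC.INI',              # connector bitness matches the OS
    'HKLM:\SOFTWARE\Wow6432Node\ODBC\ODBC.INI'   # 32-bit connector on a 64-bit machine
)
# Value names from the procedure above; 0 turns the protection off.
$SslValues = [ordered]@{
    UsePeerVerification   = 'server certificate is not verified'
    UseHostVerification   = 'certificate host name is not checked'
    UseEncryptedEndpoints = 'connection is not made over SSL'
}

function Get-WeakenedSslSetting {   # hypothetical name
    param([string[]]$Root = $OdbcRoots)
    foreach ($path in $Root) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        # 'ODBC Data Sources' is the DSN index key, not a DSN itself.
        $dsnKeys = Get-ChildItem -LiteralPath $path |
            Where-Object { $_.PSChildName -ne 'ODBC Data Sources' }
        foreach ($key in $dsnKeys) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath
            foreach ($name in $SslValues.Keys) {
                $value = $props.$name
                # Assumption: an absent value means the connector default is in effect.
                if ($null -eq $value) { continue }
                if ("$value".Trim() -eq '0') {
                    [pscustomobject]@{
                        Dsn         = $key.PSChildName
                        RegistryKey = $key.Name
                        Setting     = $name
                        Effect      = $SslValues[$name]
                    }
                }
            }
        }
    }
}

Get-WeakenedSslSetting | Sort-Object RegistryKey, Setting | Format-Table -AutoSize -Wrap
```

An empty result means no DSN under these two keys has any of the three values set to 0.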
