Configuring SSL Verification

If you are connecting to a Spark server that has Secure Sockets Layer (SSL) enabled, you can configure the connector to connect to an SSL-enabled socket. When using SSL to connect to a server, the connector supports identity verification between the client (the connector itself) and the server.

Note:

If the AuthMech property is set to 2 or 5, SSL is not available.

You can set the connection properties described below in a connection string, in a DSN (in the odbc.ini file), or as a connector-wide setting (in the simba.sparkodbc.ini file). Settings in the connection string take precedence over settings in the DSN, and settings in the DSN take precedence over connector-wide settings.

To configure SSL verification:

  1. To enable SSL connections, set the SSL attribute to 1.
  2. To allow authentication using self-signed certificates that have not been added to the list of trusted certificates, set the AllowSelfSignedServerCert attribute to 1.
  3. To allow the common name of a CA-issued SSL certificate to not match the host name of the Spark server, set the CAIssuedCertNamesMismatch attribute to 1.
  4. Choose one:
    • To configure the connector to load SSL certificates from a specific .pem file when verifying the server, set the TrustedCerts attribute to the full path of the .pem file.
    • Or, to use the trusted CA certificates .pem file that is installed with the connector, do not specify a value for the TrustedCerts attribute.
  5. To configure two-way SSL verification, set the TwoWaySSL attribute to 1 and then do the following:
    1. Set the ClientCert attribute to the full path of the .pem file containing the client's certificate.
    2. Set the ClientPrivateKey attribute to the full path of the file containing the client's private key.
    3. If the private key file is protected with a password, set the ClientPrivateKeyPassword attribute to the password.
  6. To specify the minimum version of TLS to use, set the Min_TLS property to that version. Supported options include 1.0 for TLS 1.0, 1.1 for TLS 1.1, and 1.2 for TLS 1.2.
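
The following is an added example, not code from the connector or its vendor: a small Python audit that resolves the effective SSL attributes using the precedence described above (connection string, then DSN, then connector-wide) and reports the ones that disable or weaken verification. The file contents, the DSN name `SparkProd`, the host name, the `[Driver]` section name for simba.sparkodbc.ini, and all function names are assumptions made for illustration.

```python
import configparser

# Constructed sample inputs (not from the connector's documentation).
CONNECTOR_INI = "[Driver]\nSSL=1\nMin_TLS=1.0\n"  # simba.sparkodbc.ini
ODBC_INI = ("[SparkProd]\nHost=spark.example.internal\n"
            "AllowSelfSignedServerCert=1\nMin_TLS=1.2\n")  # odbc.ini
CONN_STR = "DSN=SparkProd;AllowSelfSignedServerCert=0;CAIssuedCertNamesMismatch=1"

def ini_section(text, name):
    """Return one INI section as a dict; configparser lower-cases the keys."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return dict(cp[name]) if cp.has_section(name) else {}

def parse_conn_str(conn_str):
    """Split 'key=value;...' pairs. Simplification: {braced} values unsupported."""
    pairs = (p.split("=", 1) for p in conn_str.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def effective_settings(conn_str, odbc_ini, connector_ini, driver_section="Driver"):
    """Merge the three sources: connection string > DSN > connector-wide."""
    conn = parse_conn_str(conn_str)
    merged = ini_section(connector_ini, driver_section)  # lowest precedence
    if "dsn" in conn:
        merged.update(ini_section(odbc_ini, conn["dsn"]))
    merged.update(conn)  # highest precedence
    return merged

def audit(s):
    """Return the attributes whose effective value weakens or breaks SSL."""
    findings = []
    if s.get("authmech") in ("2", "5"):
        findings.append("AuthMech")  # SSL is not available with 2 or 5
    if s.get("ssl") != "1":
        findings.append("SSL")  # SSL connections not enabled
    if s.get("allowselfsignedservercert") == "1":
        findings.append("AllowSelfSignedServerCert")  # untrusted self-signed accepted
    if s.get("caissuedcertnamesmismatch") == "1":
        findings.append("CAIssuedCertNamesMismatch")  # name mismatch accepted
    if s.get("min_tls") in ("1.0", "1.1"):
        findings.append("Min_TLS")  # permits TLS versions older than 1.2
    if s.get("twowayssl") == "1":
        # Two-way SSL needs both the client certificate and its private key.
        findings += [k for k, key in (("ClientCert", "clientcert"),
                                      ("ClientPrivateKey", "clientprivatekey"))
                     if not s.get(key)]
    return findings

if __name__ == "__main__":
    print(audit(effective_settings(CONN_STR, ODBC_INI, CONNECTOR_INI)))
```

In the sample, the connection string overrides the DSN's AllowSelfSignedServerCert=1 and the DSN overrides the connector-wide Min_TLS=1.0, so only the name-mismatch setting is reported.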