Configuring SSL Verification

If you are connecting to a Spark server that has Secure Sockets Layer (SSL) enabled, you can configure the connector to connect to an SSL-enabled socket. When using SSL to connect to a server, the connector supports identity verification between the client (the connector itself) and the server.

The following instructions describe how to configure SSL in a DSN and in the connector configuration tool. You can specify the connection settings described below in a DSN, in a connection string, or as connector-wide settings. Settings in the connection string take precedence over settings in the DSN, and settings in the DSN take precedence over connector-wide settings.

Note:

If you selected User Name or Windows Azure HDInsight Emulator as the authentication mechanism, SSL is not available.

To configure SSL verification:

  1. Choose one:
    • To access SSL options for a DSN, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, then click Configure, and then click SSL Options.
    • Or, to access advanced options for a DSN-less connection, open the Simba Spark ODBC Driver Configuration tool, and then click SSL Options.
  2. Select the Enable SSL check box.
  3. To allow authentication using self-signed certificates that have not been added to the list of trusted certificates, select the Allow Self-signed Server Certificate check box.
  4. To allow the common name of a CA-issued SSL certificate to not match the host name of the Spark server, select the Allow Common Name Host Name Mismatch check box.
  5. To specify the CA certificates that you want to use to verify the server, do one of the following:
    • To verify the server using the trusted CA certificates from a specific .pem file, specify the full path to the file in the Trusted Certificates field and clear the Use System Trust Store check box.
    • Or, to use the trusted CA certificates .pem file that is installed with the connector, leave the Trusted Certificates field empty, and clear the Use System Trust Store check box.
    • Or, to use the Windows trust store, select the Use System Trust Store check box.
      Important:
      • If you are using the Windows trust store, make sure to import the trusted CA certificates into the trust store.
      • If the trusted CA supports certificate revocation, select the Check Certificate Revocation check box.
  6. To allow authentication when the certificate's revocation status is undetermined, select the Accept Undetermined Revocation check box.
  7. From the Minimum TLS Version drop-down list, select the minimum version of TLS to use when connecting to your data store.
  8. To configure two-way SSL verification, select the Two-Way SSL check box and then do the following:
    1. In the Client Certificate File field, specify the full path of the PEM file containing the client's certificate.
    2. In the Client Private Key File field, specify the full path of the file containing the client's private key.
    3. If the private key file is protected with a password, type the password in the Client Private Key Password field.
       Important:

       The password is obscured, that is, not saved in plain text. However, it is still possible for the encrypted password to be copied and used.

    4. To encrypt your credentials, click Password Options and then select one of the following:
      • If the credentials are used only by the current Windows user, select Current User Only.
      • Or, if the credentials are used by all users on the current Windows machine, select All Users Of This Machine.

      To confirm your choice and close the Password Options dialog box, click OK.

  9. To save your settings and close the SSL Options dialog box, click OK.
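
The following is an added example, not part of the connector or its documentation: a Python check that merges connector-wide, DSN and connection-string settings in the precedence order stated above and reports options that relax server verification. The key names (SSL, AllowSelfSignedServerCert, CAIssuedCertNamesMismatch, UseSystemTrustStore, CheckCertRevocation, AcceptUndeterminedRevocation, Min_TLS, TwoWaySSL, ClientCert, ClientPrivateKey) are assumed to correspond to the check boxes in this procedure and do not appear on this page; the host name and sample values are constructed.

```python
# Added example (not vendor code). Key names are assumptions, not from this page.
def parse_conn_str(conn_str):
    """Split 'Key=Value;...' into a dict with lower-cased keys."""
    pairs = (p.split("=", 1) for p in conn_str.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def effective(connector_wide, dsn, conn_str):
    """Merge the layers; later ones win (connection string > DSN > connector-wide)."""
    merged = {}
    for layer in (connector_wide, dsn, parse_conn_str(conn_str)):
        merged.update({k.lower(): str(v) for k, v in layer.items()})
    return merged

def audit(s, min_tls="1.2"):
    """Return findings for settings that relax server verification."""
    on = lambda key: s.get(key, "0") == "1"  # an unset key is treated as off (assumption)
    if not on("ssl"):
        return ["SSL is not enabled"]
    findings = []
    if on("allowselfsignedservercert"):
        findings.append("self-signed server certificates are accepted")
    if on("caissuedcertnamesmismatch"):
        findings.append("host name mismatch is accepted")
    if on("usesystemtruststore") and not on("checkcertrevocation"):
        findings.append("system trust store is used but revocation checking is off")
    if on("acceptundeterminedrevocation"):
        findings.append("undetermined revocation status is accepted")
    ver = lambda v: tuple(int(x) for x in v.split("."))
    if "min_tls" in s and ver(s["min_tls"]) < ver(min_tls):
        findings.append(f"minimum TLS version {s['min_tls']} is below {min_tls}")
    if on("twowayssl") and not (s.get("clientcert") and s.get("clientprivatekey")):
        findings.append("two-way SSL enabled without client certificate and key")
    return findings

# Constructed sample layers: the DSN is strict, the connection string relaxes it.
CONNECTOR_WIDE = {"SSL": 1, "Min_TLS": "1.2"}
DSN = {"UseSystemTrustStore": 1, "CheckCertRevocation": 1}
CONN_STR = "Host=spark.example.internal;AllowSelfSignedServerCert=1;Min_TLS=1.0"

if __name__ == "__main__":
    for finding in audit(effective(CONNECTOR_WIDE, DSN, CONN_STR)):
        print("WEAK:", finding)
```

Because the connection string has the highest precedence, a strict DSN does not prevent an application from relaxing verification at connect time, so audit the merged result rather than the DSN alone.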