Configuring SSL Verification

If you are connecting to a Phoenix server that has Secure Sockets Layer (SSL) enabled, you can configure the connector to connect to an SSL-enabled socket. When using SSL to connect to a server, the connector can be configured to verify the identity of the server.

You can set the connection properties described below in a connection string or in a DSN (in the odbc.ini file). Settings in the connection string take precedence over settings in the DSN.

To configure SSL verification:

1. To enable SSL connections, set the SSL attribute to 1.
2. To allow authentication using self-signed certificates that have not been added to the list of trusted certificates, set the AllowSelfSignedServerCert attribute to 1.
3. To allow the common name of a CA-issued SSL certificate to not match the host name of the Phoenix server, set the AllowHostNameCNMismatch attribute to 1.
4. Choose one:
• To configure the connector to load SSL certificates from a specific .pem file when verifying the server, set the TrustedCerts attribute to the full path of the .pem file.
• Or, to use the trusted CA certificates .pem file that is installed with the connector, do not specify a value for the TrustedCerts attribute.
5. To specify the minimum version of TLS to use, set the Min_TLS property to the minimum version of TLS. Supported options include 1.0 for TLS 1.0, 1.1 for TLS 1.1, and 1.2 for TLS 1.2.

Related topics

• SSL Driver Configuration Options on page 1
• Configuring Authentication
• Configuring Authentication on a Non-Windows Machine