Configuring SSL Verification

If you are connecting to a Phoenix server that has Secure Sockets Layer (SSL) enabled, you can configure the connector to connect to an SSL-enabled socket. When using SSL to connect to a server, the connector can be configured to verify the identity of the server.

To configure SSL verification:

  1. To access SSL options, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, then click Configure, and then click SSL Options.
  2. Select the Enable SSL check box.
  3. To allow authentication using self-signed certificates that have not been added to the list of trusted certificates, select the Allow Self-signed Server Certificate check box.
  4. To allow the common name of a CA-issued SSL certificate to not match the host name of the Phoenix server, select the Allow Common Name Host Name Mismatch check box.
  5. To specify the CA certificates that you want to use to verify the server, do one of the following:
    • To verify the server using the trusted CA certificates from a specific .pem file, specify the full path to the file in the Trusted Certificates field and clear the Use System Trust Store check box.
    • Or, to use the trusted CA certificates .pem file that is installed with the connector, leave the default value in the Trusted Certificates field, and clear the Use System Trust Store check box.
    • Or, to use the Windows trust store, select the Use System Trust Store check box.
      Important:
      • If you are using the Windows trust store, make sure to import the trusted CA certificates into the trust store.
      • If the trusted CA supports certificate revocation, select the Check Certificate Revocation check box.
  6. From the Minimum TLS Version drop-down list, select the minimum version of TLS to use when connecting to your data store.
  7. To save your settings and close the SSL Options dialog box, click OK.

Related topics