Configuring SSL Verification

Note:

In this documentation, "SSL" indicates both TLS (Transport Layer Security) and SSL (Secure Sockets Layer). The connector supports industry-standard versions of TLS/SSL.

When connecting to data stores, by default the Simba Zoho JDBC Connector uses SSL encryption but does not use peer or host verification. You can enable peer verification so that the connector verifies the identity of the server, and enable host verification so that the connector requires the host name in the server certificate to match the host name of the server that you are connecting to.

Configuring Host and Peer Verification

To configure host and peer verification:

To enable peer verification so that the connector verifies the identity of the server, configure the following settings in your connection URL:
1. Set the UsePeerVerification property to 1.
2. If the server certificate is not issued by a certificate authority (CA), then add the server certificate to your Java KeyStore.
To enable host verification so that the connector requires the host name in the server's certificate to match the host name of the server, set the UseHostVerification property to 1.

For example, host and peer verification are both enabled in the following connection URL:

jdbc:zoho://;Host=crm.zoho.com;Auth_Type=OAuth 2.0;Auth_AccessToken=kP9PcyQ7prK2LwUMZMpFQ4R+5VE;UseHostVerification=1;UsePeerVerification=1;

Disabling SSL Encryption

If the data store that you are connecting to does not support SSL encryption, disable it so that the connector can connect to the data store.

Note:

It is recommended that you keep SSL enabled if possible. SSL encryption protects data and credentials when they are transferred over the network, and provides stronger security than authentication alone.

To disable SSL verification:

Set the UseEncryptedEndpoints property to 0.

For example:

jdbc:zoho://;Host=crm.zoho.com;Auth_Type=OAuth 2.0;Auth_AccessToken=kP9PcyQ7prK2LwUMZMpFQ4R+5VE;UseEncryptedEndpoints=0