|
|
|
In V11.5 and later, the Replication Agent supports configuration options that can be specified in ctreplagent.cfg to enable and configure TLS support for the connections to the source and/or the target server.
To enable a TLS connection for the source server, use:
source_use_tls yes
To enable a TLS connection for the target server, use:
target_use_tls yes
To set the certificate file name for the source server, use:
source_tls_cert_file filename
To set the certificate file name for the target server, use:
target_tls_cert_file filename
where filename is the name of the file containing the server certificate. The default value is ctsrvr.pem. To use no certificate, specify an empty string. For example:
target_tls_cert_file ""
Note 1:
The source_use_tls and target_use_tls options force the Replication Agent to use the TCP/IP communication protocol with TLS enabled. This means that even if the specified source or target server is using the shared memory communication protocol and is running on the same machine as the Replication Agent, when this option is used the Replication Agent will only attempt to connect using TCP/IP with TLS enabled. If you wish to use the Shared Memory communication protocol to connect to a server on the same machine without falling back to TCP/IP if the Shared Memory connection fails, you can specify the source or target server name with the fsharemm protocol. For example:
source_server FAIRCOMS^fsharemm
Note 2:
It is not permitted to specify the communication protocol in the source_server or target_server configuration option (for example, FAIRCOMS^fsharemm) when you use the source_use_tls or target_use_tls option. In this situation, the Replication Agent logs one of the following errors and terminates:
Error in replication agent configuration file ctreplagent.cfg: When using the source_use_tls option, the source_server option cannot specify a communication protocol.
Error in replication agent configuration file ctreplagent.cfg: When using the target_use_tls option, the target_server option cannot specify a communication protocol.
