Configure a FairCom server to use TLS for ISAM, CTDB, and SQL APIs
Configure a FairCom server to use TLS for ISAM, CTDB, and SQL APIs
TLS and non-TLS connections use the same ports for FairCom’s ISAM, CTDB, and SQL connections. To enable and configure TLS (SSL) for ISAM and SQL communications over TCP/IP, add TLS settings to the FairCom DB Configuration File and create the certificates outlined in the FairCom DB Notify Configuration section. For more information on the keywords used here, visit the security page in our Database Administrator's guide.
SUBSYSTEM COMM_PROTOCOL SSL {
SERVER_CERTIFICATE_FILE ctree_ssl.pem
DEBUG_LOG ssl.log
SSL_CONNECTIONS_ONLY YES
VERIFY_CLIENT_CERTIFICATE YES
x509_AUTHENTICATION YES
x509_PATH CN
SSL_CIPHERS AES256-SHA256:AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:AES256-GCM-SHA384
}