Securing SQL communications

When full security is enabled, SQL communications are secured using HTTPS over TLS. Therefore, SQL driver connections must be configured to use the correspondent HTTPS certificate. In this section you will learn how to download the TLS certificate for your LeanXcale instance.

1. Download TLS certificate

1.1. Cloud Console

TLS certificate can be downloaded in the Security tab under the Operations section in the web console, in the SQL Interface Security.

sslcert

1.2. On Premise instance

When managing an On Premise LeanXcale Deployment, you must access to the main node and get the certificate from the following path (being $BASEDIR your installation path):

$BASEDIR/conf/LeanXcaleSSLConnect.crt

2. Installing certificates

2.1. Windows

If using Windows, to install LeanXcale TLS certificate you have to open the .crt file and add the certificate to the trusted ca certificates store.

sslwindows1
sslwindows2
sslwindows3
sslwindows4
sslwindows5
sslwindows6

2.2. Linux

In case Linux is your operative system, you need to add the TLS certificate to your trusted ca certificates for your machine.

sudo mkdir /usr/local/share/ca-certificates/extra
sudo cp LeanXcaleSSLConnect.crt /usr/local/share/ca-certificates/extra/LeanXcaleSSLConnect.crt
sudo update-ca-certificates

Setting Security in SQL Drivers

1. JDBC

First of all, you must add LeanXcale ca certificate to your Java Truststore when using JDBC driver.

  • In order to do that, in a Linux environment:

# Go to security directory in your Java installation. For example:
cd /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security

# Add LeanXcaleSSLConnect.crt to Java truststore
sudo keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias mycert -file LeanXcaleSSLConnect.crt
  • In Windows, you will find the keytool executable file in the ~\bin folder of your installation home path, and the cacerts JDK keystore in ~\lib\security:

# Add LeanXcaleSSLConnect.crt to Java truststore
keytool -import -alias <your alias name> -keystore <cacerts location> -trustcacerts -file <LeanXcaleSSLConnect.crt location>

Check now how to set secure mode for your connection in the Development Java Section.

2. SQLAlchemy

To add TLS certificate to client when using SQLAlchemy in Linux, you have to add the certificate to your trusted ca certificates for your machine. To do this, follow the steps described here depending on your OS.

Check now how to set secure mode at engine creation in the Development SQLAlchemy Section.

3. ODBC

When using the ODBC Driver, the configuration required depends on which platform you are using: Linux or Windows. ODBC driver relies in the certificates installed in the client machine, so the steps are the same as described here check the section that matches with your platform.

3.1. Linux

Check how to config secure mode in a Linux platform in the Development ODBC Section.

3.2. Windows

Check how to config secure mode in a Windows platform in the Development ODBC Section.

4. Setting Security in SQL Clients

4.1. Squirrel

Learn how to securize a connection to a LeanXcale through Squirrel visiting this section.

4.2. lxClient

Learn how to connect to a LeanXcale database in a secure mode with lxClient in this section.