2.7.4. Configuring Connector SSL

SSL communication is supported for Tungsten Connector in three possible combinations:

  • SSL from the application to Tungsten Connector; Non-SSL connections from Tungsten Connector to MySQL

  • Non-SSL from the application to Tungsten Connector; SSL connections from Tungsten Connector to MySQL

  • SSL from the application to Tungsten Connector; SSL connections from Tungsten Connector to MySQL

The connector also supports application connections using either SSL or Non-SSL communication on the same TCP/IP port. This allows you to choose SSL communication without changing your application ports.

To enable SSL communication with Tungsten Connector you must create suitable certificates, keys and keystores, as described in Section 2.7.1, “Creating the Truststore and Keystore”. The keystores used for Tungsten Connector can be the same as, or different from, the keystores used for securing the manager and replication communication.

To enable connector SSL during installation or update, the --connector-ssl option must be set to true, together with the keystore and truststore locations and passwords:

shell> ./tools/tpm update service_name --connector-ssl=true \
    --java-connector-keystore-path=/home/tungsten/keystore.jks \
    --java-connector-keystore-password=password \
    --java-connector-truststore-path=/home/tungsten/truststore.ts \
    --java-connector-truststore-password=password

This will update the connector configuration with the specified keystore and truststore, and enable SSL on the connector connections.
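
In the MySQL wire protocol, a server signals SSL support through the CLIENT_SSL capability flag in its initial handshake packet. The following added example (not part of the Tungsten documentation) reads that packet and reports whether SSL is offered on the connector port; it assumes the connector presents a standard MySQL HandshakeV10 packet, and the function names and sample packet are constructed for illustration.

```python
import socket
import struct

CLIENT_SSL = 0x0800  # MySQL capability flag: server accepts an SSL upgrade


def parse_handshake(packet: bytes) -> dict:
    """Parse a MySQL HandshakeV10 packet (4-byte header followed by payload)."""
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if len(packet) < 4 or len(payload) < length or not payload:
        raise ValueError("short or truncated handshake packet")
    if payload[0] == 0xFF:
        raise ValueError("server sent an error packet instead of a handshake")
    if payload[0] != 10:
        raise ValueError(f"unsupported protocol version {payload[0]}")
    end = payload.index(0, 1)          # server version string is NUL-terminated
    pos = end + 1 + 4 + 8 + 1          # skip thread id, auth data part 1, filler
    if len(payload) < pos + 2:
        raise ValueError("handshake too short for capability flags")
    caps = struct.unpack_from("<H", payload, pos)[0]
    if len(payload) >= pos + 7:        # charset(1), status(2), upper caps(2)
        caps |= struct.unpack_from("<H", payload, pos + 5)[0] << 16
    return {"version": payload[1:end].decode("ascii", "replace"),
            "capabilities": caps,
            "ssl_offered": bool(caps & CLIENT_SSL)}


def read_handshake(host: str, port: int, timeout: float = 5.0) -> dict:
    """Connect to the connector port and parse the first packet it sends."""
    with socket.create_connection((host, port), timeout=timeout) as s, \
            s.makefile("rb") as f:
        header = f.read(4)
        body = f.read(int.from_bytes(header[:3], "little"))
    return parse_handshake(header + body)


def sample_handshake(caps: int) -> bytes:
    """Constructed HandshakeV10 packet for offline use (not a real capture)."""
    payload = (b"\x0a" + b"5.7.0-constructed\x00" + struct.pack("<I", 1)
               + b"A" * 8 + b"\x00" + struct.pack("<H", caps & 0xFFFF)
               + b"\x21" + struct.pack("<H", 2) + struct.pack("<H", caps >> 16)
               + b"\x15" + b"\x00" * 10 + b"B" * 12 + b"\x00")
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


if __name__ == "__main__":
    # Offline demonstration on constructed packets: SSL offered, then not offered.
    print(parse_handshake(sample_handshake(0xFFFF))["ssl_offered"])
    print(parse_handshake(sample_handshake(0xF7FF))["ssl_offered"])
```

Because the port continues to accept non-SSL connections, a positive result shows only that SSL is available; clients must still be configured to require it.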