SSL communication is supported for Tungsten Connector in three different possible combinations:
SSL from the application to Tungsten Connector; Non-SSL connections from Tungsten Connector to MySQL
Non-SSL from the application to Tungsten Connector; SSL connections from Tungsten Connector to MySQL
SSL from the application to Tungsten Connector; SSL connections from Tungsten Connector to MySQL
The connector also supports application connections using either SSL or Non-SSL communication on the same TCP/IP port. This allows you to choose SSL communication without changing your application ports.
To enable SSL communication with Tungsten Connector you must create suitable certificates keys and keystores, as described in Section 2.8.1, “Creating the Truststore and Keystore”. The keystores used for Tungsten Connector can be the same, or different, to the keystores used for securing the manager and replication communication.
To enable connector SSL during installation or update, the
--connector-ssl=true option must be set
service_name--connector-ssl=true \ --java-connector-keystore-path=/home/tungsten/keystore.jks \ --java-connector-keystore-password=password \ --java-connector-truststore-path=/home/tungsten/truststore.ts \ --java-connector-truststore-password=password
This will update the connector configuration with the specified keystores, truststore and enable SSL on the connector connections.