TLS Modes
Provide the following certificates for each TLS mode:
- CA Certificate: Certificate Authority (CA) certificate.
- Client Certificate: Not required. Client Certificate file for connections requiring client authentication.
- Client Key: Not required. Client key file used for connections requiring client authentication.
You can override the CA Certificate, Client Certificate, and Client Key by using an app property. For more information, see Overriding a Certificate Using an Environment Variable.
For more details on TLS modes, see MySQL Documentation.
TLS Modes | Description |
---|---|
Required | Client requires an encrypted connection and fails if one cannot be established. |
Preferred | If an encrypted connection cannot be established, the client falls back to an unencrypted connection. |
VerifyCA | Client requires an encrypted connection and verifies the server certificate against the CA certificate. |
VerifyIdentity | Server host name is verified to ensure that it matches the host name stored in the server certificate. |
Overriding a Certificate Using an Environment Variable
You must override a certificate if the existing certificate has expired or if you have to use a custom certificate. You can override the CA Certificate, Client Certificate, and Client Key directly at run time by using an app property, instead of re-configuring the app property. In such a case:
- In the terminal, export the base64-encoded content of each file as follows:
  export CA_Certificate=<base64encodedCertificateFileContent>
  export Client_Certificate=<base64encodedCertificateFileContent>
  export Client_Key=<base64encodedCertificateFileContent>
- Set the FLOGO_APP_PROPS_ENV=auto environment variable when you start the app, as follows:
  FLOGO_APP_PROPS_ENV=auto ./<app-binary>
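The override procedure above as a script, added here as an example and not taken from the product documentation: it base64-encodes each PEM file onto a single line, checks that the value decodes back to the source file, and exports the three variables named on this page. The file paths and the helper names `pem_to_b64`, `b64_matches_file`, `encode_checked` and `load_overrides` are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. The variable names CA_Certificate,
# Client_Certificate and Client_Key come from the page; paths are assumed.

# Print a PEM file as single-line base64. GNU base64 wraps output at 76
# columns, so newlines are stripped to keep the exported value on one line.
pem_to_b64() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    grep -q -e '-----BEGIN [A-Z ]*-----' "$1" ||
        { echo "$1 is not PEM" >&2; return 1; }
    base64 < "$1" | tr -d '\n'
}

# Succeed only if the encoded value decodes to exactly the source file.
# (-d is the GNU coreutils / BusyBox decode flag.)
b64_matches_file() {
    printf '%s' "$1" | base64 -d | cmp -s - "$2"
}

# Encode a file and print the value only if it survives the round trip.
encode_checked() {
    _v=$(pem_to_b64 "$1") && b64_matches_file "$_v" "$1" && printf '%s' "$_v"
}

# Export the overrides. The CA file is mandatory; the client certificate and
# key are optional, matching the "Not required" fields on the page.
load_overrides() {
    CA_Certificate=$(encode_checked "$1") || return 1
    export CA_Certificate
    if [ -n "${2:-}" ] && [ -n "${3:-}" ]; then
        Client_Certificate=$(encode_checked "$2") || return 1
        Client_Key=$(encode_checked "$3") || return 1
        export Client_Certificate Client_Key
    fi
}

# Typical use (paths are placeholders):
#   load_overrides ./ca.pem ./client.pem ./client-key.pem &&
#       FLOGO_APP_PROPS_ENV=auto ./<app-binary>
```

Because `export` leaves the private key in the environment of every later child process of that shell, run this in a shell dedicated to the app and `unset` the variables once the app has started.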