DWS supports the standard SSL (TLS 1.2). As a highly secure protocol, SSL authenticates bidirectional identification between the server and client using digital signatures and digital certificates to ensure secure data transmission. To support SSL connection, DWS has obtained the formal certificates and keys for the server and client from the CA certification center. It is assumed that the key and certificate for the server are server.key and server.crt respectively; the key and certificate for the client are client.key and client.crt respectively, and the name of the CA root certificate is cacert.pem.
By default, the SSL function is enabled for a data warehouse cluster (the server) to allow SSL and non-SSL connections from the client. In addition, the certificate, private key, and root certificate of the server have been configured by default.
Using the default certificate may pose security risks. To improve system security, you are advised to periodically change the certificate to prevent password cracking. If you need to replace the certificate, contact the customer service personnel.
This section describes how to download an SSL certificate.