The following instruction guides you through the process of configuring a connection between Navicat and MySQL/PostgreSQL Server using SSL. To successfully establish a SSL connection, please complete Step 1: Installation of OpenSSL and MySQL/PostgreSQL and Step 2: Setting up SSL Certificate for MySQL/PostgreSQL , and set the connection properties in the corresponding boxes.
MySQL
- Click
or choose File ->
New Connection to set up the Connection Properties.
- Select the SSL tab and enable Use SSL.
- To provide authentication details,
fill in the required information:
Client Key, Client Certificate and CA Certificate are usually stored in your Server - /usr/local/openssl. Please copy them from the remote server to local computer. Specified Cipher (optional) is only required while ssl_type field has been set to "SPECIFIED" - [ssl_type can be found in a system database called "mysql" -> table called "user"]. Example of Specified Cipher is "EDH-RSA-DES-CBC3-SHA" which can be filled in either through the Connection Properties shown above or the "mysql" database -> "user" table -> "ssl_cipher" blob field shown below.
Note: You are allowed to store your Specified Cipher into a text file in order to loadinto the "ssl_cipher" blob field.
PostgreSQL
- Click
or choose File ->
New Connection to set up the Connection Properties.
- Select the SSL tab and enable Use SSL.
- Select the SSL Mode.
require - only try an SSL connection.
verify-ca - only try an SSL connection, and verify that the server certificate is issued by a trusted CA.
verify-full - only try an SSL connection, verify that the server certificate is issued by a trusted CA and that the server hostname matches that in the certificate.
- To provide authentication details, enable Use Authentication and
fill in the required information:
Client Key, Client Certificate and CA Certificate are usually stored in your Server - /usr/local/openssl. Please copy them from the remote server to local computer.
Certificate Revocation List specifies the file path of the SSL certificate revocation list (CRL).
For PostgreSQL server, OpenSSL supports a wide range of ciphers and authentication algorithms, of varying strength. While a list of ciphers can be specified in the OpenSSL configuration file, you can specify ciphers specifically for use by the database server by modifying ssl_ciphers in postgresql.conf.
See also:
Advanced Settings