Setting up Client Certificate for Navicat

The following instruction guides you through the process of configuring a connection between Navicat and MySQL/PostgreSQL Server using SSL. To successfully establish a SSL connection, please complete Step 1: Installation of OpenSSL and MySQL/PostgreSQL and Step 2: Setting up SSL Certificate for MySQL/PostgreSQL , and set the connection properties in the corresponding boxes.

MySQL

  1. Click or choose File -> New Connection to set up the Connection Properties.
  2. Select the SSL tab and enable Use SSL.
  3. To provide authentication details, fill in the required information:

    Client Key, Client Certificate and CA Certificate are usually stored in your Server - /usr/local/openssl. Please copy them from the remote server to local computer. Specified Cipher (optional) is only required while ssl_type field has been set to "SPECIFIED" - [ssl_type can be found in a system database called "mysql" -> table called "user"]. Example of Specified Cipher is "EDH-RSA-DES-CBC3-SHA" which can be filled in either through the Connection Properties shown above or the "mysql" database -> "user" table -> "ssl_cipher" blob field shown below.

    Note: You are allowed to store your Specified Cipher into a text file in order to load into the "ssl_cipher" blob field.

PostgreSQL

  1. Click or choose File -> New Connection to set up the Connection Properties.
  2. Select the SSL tab and enable Use SSL.
  3. Select the SSL Mode.
    require - only try an SSL connection.
    verify-ca - only try an SSL connection, and verify that the server certificate is issued by a trusted CA.
    verify-full - only try an SSL connection, verify that the server certificate is issued by a trusted CA and that the server hostname matches that in the certificate.
  4. To provide authentication details, enable Use Authentication and fill in the required information:

    Client Key, Client Certificate and CA Certificate are usually stored in your Server - /usr/local/openssl. Please copy them from the remote server to local computer.

    Certificate Revocation List specifies the file path of the SSL certificate revocation list (CRL).
    For PostgreSQL server, OpenSSL supports a wide range of ciphers and authentication algorithms, of varying strength. While a list of ciphers can be specified in the OpenSSL configuration file, you can specify ciphers specifically for use by the database server by modifying ssl_ciphers in postgresql.conf.


See also:
Advanced Settings