SSL support for clients
Netezza Performance Server for Cloud Pak for Data and Netezza Performance Server for Cloud Pak for Data System support secure sockets layer (SSL) encryption and authentication for connections to the Netezza Performance Server system.
- -securityLevel specifies the security level that you want to use for the session. The argument has four values:
  - preferredUnSecured: This value is the default. Specify this option when you would prefer an unsecured connection, but you accept a secured connection if the Netezza Performance Server system requires one.
  - preferredSecured: Specify this option when you want a secured connection to the Netezza Performance Server system, but you accept an unsecured connection if the Netezza Performance Server system is configured to use only unsecured connections.
  - onlyUnSecured: Specify this option when you want an unsecured connection to the Netezza Performance Server system. If the Netezza Performance Server system requires a secured connection, the connection is rejected.
  - onlySecured: Specify this option when you want a secured connection to the Netezza Performance Server system. If the Netezza Performance Server system accepts only unsecured connections, or if you are attempting to connect to a Netezza Performance Server system that is running a release before release 4.5, the connection is rejected.

  Table 1 describes some practices for selecting the -securityLevel setting based on the Netezza Performance Server system release and SSL configuration.
- -caCertFile specifies the path name of the root certificate authority (CA) file. The CA file must be obtained from the Netezza Performance Server system administrator and installed on the client system. The CA file authenticates the server (the Netezza Performance Server host) to the client. The default value is NULL, which indicates that no peer authentication occurs.
export NZ_SECURITY_LEVEL=level
export NZ_CA_CERT_FILE=pathname
These SSL security arguments are also used with the nzsql \c switch when a user attempts to connect to a different Netezza Performance Server database. If you do not specify values for these fields, the Netezza Performance Server system uses the values that are specified for the existing connection.
Netezza Performance Server host release | Netezza Performance Server security configuration | Connections allowed | -securityLevel settings |
---|---|---|---|
Release 4.5 and later | host | Secured and unsecured | All 4 settings accepted (onlyUnSecured, preferredUnSecured, onlySecured, preferredSecured) |
Release 4.5 and later | hostssl | Secured only | onlySecured, preferredSecured; preferredUnSecured is accepted but results in a secured connection. |
Release 4.5 and later | hostnossl | Unsecured only | onlyUnSecured, preferredUnSecured; preferredSecured is accepted but results in an unsecured connection. |
Releases before 4.5 | N/A | Unsecured only | onlyUnSecured, preferredUnSecured; preferredSecured is accepted but results in an unsecured connection. |
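
The following shell sketch is an added example, not IBM code: it encodes the outcomes from the table above and uses them to audit a client's NZ_SECURITY_LEVEL and NZ_CA_CERT_FILE settings for sessions that could end up unencrypted or unauthenticated. The function names and the `pre45` label are hypothetical, the level names are matched exactly as spelled on this page, and an unset NZ_SECURITY_LEVEL is assumed to fall back to the documented default.

```shell
#!/bin/sh
# Added example (not IBM code). nz_outcome and nz_client_check are hypothetical names.

# nz_outcome SERVER LEVEL -> prints secured | unsecured | rejected | invalid
# SERVER is host, hostssl, hostnossl, or pre45 (constructed label: release before 4.5).
nz_outcome() {
    _srv=$1; _lvl=$2
    case "$_srv" in host|hostssl|hostnossl|pre45) ;; *) echo invalid; return 0 ;; esac
    case "$_lvl" in
        onlySecured)
            case "$_srv" in hostnossl|pre45) echo rejected ;; *) echo secured ;; esac ;;
        preferredSecured)
            case "$_srv" in hostnossl|pre45) echo unsecured ;; *) echo secured ;; esac ;;
        preferredUnSecured)
            case "$_srv" in hostssl) echo secured ;; *) echo unsecured ;; esac ;;
        onlyUnSecured)
            case "$_srv" in hostssl) echo rejected ;; *) echo unsecured ;; esac ;;
        *) echo invalid ;;
    esac
}

# nz_client_check: audits NZ_SECURITY_LEVEL and NZ_CA_CERT_FILE in the environment.
# Prints one finding per line and returns 0 only when there are none.
nz_client_check() {
    # Assumption: an unset variable falls back to the documented default.
    level=${NZ_SECURITY_LEVEL:-preferredUnSecured}
    rc=0
    for server in host hostssl hostnossl pre45; do
        case "$(nz_outcome "$server" "$level")" in
            unsecured) echo "FINDING: $level gives an unsecured session against $server"; rc=1 ;;
            invalid)   echo "FINDING: unknown security level '$level'"; return 1 ;;
        esac
    done
    if [ -z "${NZ_CA_CERT_FILE:-}" ]; then
        echo "FINDING: NZ_CA_CERT_FILE is unset, so no peer authentication occurs"; rc=1
    elif [ ! -r "$NZ_CA_CERT_FILE" ]; then
        echo "FINDING: CA file '$NZ_CA_CERT_FILE' is missing or unreadable"; rc=1
    fi
    return "$rc"
}

# Demo with constructed values: the default level and no CA file.
( unset NZ_SECURITY_LEVEL NZ_CA_CERT_FILE; nz_client_check ) || echo "client settings are not strict"
```

The check reads only the environment, so a -securityLevel or -caCertFile value passed on the command line is outside what it sees.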
For details about SSL communication from the Netezza Performance Server clients to the Netezza Performance Server system, see the IBM® Netezza® ODBC, JDBC, OLE DB, and .NET Installation and Configuration Guide. For a description of how to configure the Netezza Performance Server host for SSL support, see the IBM Netezza System Administrator’s Guide.