SSL support for clients
The IBM® Netezza® system supports secure sockets layer (SSL) encryption and authentication for connections to the Netezza system.
- -securityLevel specifies the security level that you want to use for the session. The argument has four values:
  - preferredUnSecured
    - This argument is the default value. Specify this option when you would prefer an unsecured connection, but you accept a secured connection if the Netezza system requires one.
  - preferredSecured
    - Specify this option when you want a secured connection to the Netezza system, but you accept an unsecured connection if the Netezza system is configured to use only unsecured connections.
  - onlyUnSecured
    - Specify this option when you want an unsecured connection to the Netezza system. If the Netezza system requires a secured connection, the connection is rejected.
  - onlySecured
    - Specify this option when you want a secured connection to the Netezza system. If the Netezza system accepts only unsecured connections, or if you are attempting to connect to a Netezza system that is running a release before release 4.5, the connection is rejected.

  Table 1 describes some practices for selecting the -securityLevel setting based on the Netezza system release and SSL configuration.
- -caCertFile specifies the path name of the root certificate authority (CA) file. The CA file must be obtained from the Netezza system administrator and installed on the client system. The CA file authenticates the server (the Netezza host) to the client. The default value is NULL, which indicates that no peer authentication occurs.
export NZ_SECURITY_LEVEL=level
export NZ_CA_CERT_FILE=pathname
These SSL security arguments are also used with the nzsql \c switch when a user attempts to connect to a different Netezza database. If you do not specify values for these fields, the Netezza system uses the values that are specified for the existing connection.
Netezza host release | Netezza security configuration | Connections allowed | -securityLevel settings |
---|---|---|---|
Release 4.5 and later | host | Secured and Unsecured | All 4 settings accepted (onlyUnSecured, preferredUnSecured, onlySecured, preferredSecured) |
Release 4.5 and later | hostssl | Secured only | onlySecured, preferredSecured; preferredUnSecured is accepted but results in a secured connection. |
Release 4.5 and later | hostnossl | Unsecured only | onlyUnSecured, preferredUnSecured; preferredSecured is accepted but results in an unsecured connection. |
Releases before 4.5 | N/A | Unsecured only | onlyUnSecured, preferredUnSecured; preferredSecured is accepted but results in an unsecured connection. |
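
The following shell function is an added example, not part of the IBM documentation. It checks the NZ_SECURITY_LEVEL and NZ_CA_CERT_FILE environment variables before a session is started and reports whether the combination enforces an encrypted, server-authenticated connection according to the rules above. The function name nz_ssl_preflight and its return codes are constructed for this example; it assumes that the values are spelled exactly as listed above, that an unset NZ_SECURITY_LEVEL means the documented default, and that no command-line argument overrides the variables.

```shell
#!/bin/sh
# Added example: preflight check of the client-side SSL settings.
# Return codes (constructed for this example):
#   0 = encryption and server authentication are both enforced
#   1 = the session may be unencrypted, or the server is not authenticated
#   2 = a setting is invalid
nz_ssl_preflight() {
    level="${NZ_SECURITY_LEVEL:-preferredUnSecured}"  # documented default value
    ca="${NZ_CA_CERT_FILE:-}"                         # empty = NULL = no peer authentication
    rc=0

    case "$level" in
        onlySecured)
            ;;  # the connection is rejected instead of falling back to unsecured
        preferredSecured)
            echo "WARN: preferredSecured results in an unsecured connection on hostnossl or pre-4.5 hosts" >&2
            rc=1 ;;
        preferredUnSecured)
            echo "WARN: preferredUnSecured asks for an unsecured connection unless the host requires SSL" >&2
            rc=1 ;;
        onlyUnSecured)
            echo "WARN: onlyUnSecured never encrypts the session" >&2
            rc=1 ;;
        *)
            echo "ERROR: unknown security level '$level'" >&2
            return 2 ;;
    esac

    if [ -z "$ca" ]; then
        echo "WARN: no CA file is set, so the client does not authenticate the Netezza host" >&2
        rc=1
    elif [ ! -r "$ca" ] || [ ! -s "$ca" ]; then
        echo "ERROR: CA file '$ca' is missing, unreadable, or empty" >&2
        return 2
    fi
    return "$rc"
}
```

A wrapper script can call the function and refuse to start the client unless it returns 0.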
For details about SSL communication from the Netezza clients to the Netezza system, see the IBM Netezza ODBC, JDBC, OLE DB, and .NET Installation and Configuration Guide. For a description of how to configure the Netezza host for SSL support, see the IBM Netezza System Administrator’s Guide.