Updating TLS security for MC connections
Maintaining TLS security for MC JDBC connections to a Vertica database is an ongoing process. Initially, you as the MC administrator must configure the appropriate certificates and keys. As time passes, certificates expire or otherwise become invalid. To maintain TLS security in MC, you must configure new certificates to replace any that are about to expire.
If any of the certificates that secure an MC connection to a Vertica database changes or expires, the MC administrator must update the TLS configuration for that database on MC to ensure that unexpired certificates are available so that connections can succeed.
-
To update the certificates, simply configure new certificates for the connection between MC and that Vertica database.
-
To configure new certificates for a database monitored in MC, see Configuring TLS for a monitored database in MC.
-
To configure new client certificates for an MCC user, see Configuring mutual TLS for MC users.
-
To replace an expiring or invalid certificate for a database or client, see Updating a TLS certificate in MC.
MC flags the current certificate for a given connection with a "use me" bit. This bit is set only for the current certificate. When you configure a new certificate for a given connection, the new certificate is marked current, and the previous certificate (although still present in the trust store or keystore) is no longer marked as the current certificate.