TLS authentication
This section contains information about the tls authentication method, which is one of several authentication methods used to manage client connections.
Before creating a tls authentication method, you must configure your server to use TLS (TLS is disabled by default). The supported modes are:
- Server Mode: In server mode, the client must confirm the server's identity before connecting. The client verifies that the server's certificate and public key are valid and were issued by a certificate authority (CA) listed in the client's list of trusted CAs. This helps prevent man-in-the-middle attacks.
- Mutual Mode: In mutual mode, the client and server must verify each other's identity before connecting. Client authentication is optional because Vertica can authenticate the client at the application protocol level with the client's username and password.
You can use the tls authentication method with either Server Mode or Mutual Mode. However, to use client self-authentication, your server must use Mutual Mode.
Before you create a tls authentication method, perform the prerequisite tasks necessary for your environment (for example, certificate creation). Refer to TLS protocol and all subsections applicable to your environment.
To create a tls authentication method, see Creating authentication records.
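The following is an added example, not taken from this page or from Vertica's own samples. It shows a tls authentication record paired with a record that rejects non-TLS connections, plus the queries to check the result. The record names (tls_cert_auth, reject_no_tls), the user app_user, and the 0.0.0.0/0 address range are hypothetical, and the example assumes the server is already configured for TLS in Mutual Mode.

```sql
-- Added example: record names, user name and address range are hypothetical.
-- Assumes TLS is already enabled on the server in Mutual Mode.

-- 1. Authenticate clients that connect over TLS using the tls method.
CREATE AUTHENTICATION tls_cert_auth METHOD 'tls' HOST TLS '0.0.0.0/0';
GRANT AUTHENTICATION tls_cert_auth TO app_user;

-- 2. Refuse the same user when the connection is not protected by TLS,
--    so a client cannot silently fall back to a plaintext session.
CREATE AUTHENTICATION reject_no_tls METHOD 'reject' HOST NO TLS '0.0.0.0/0';
GRANT AUTHENTICATION reject_no_tls TO app_user;

-- 3. Review the records that now apply.
SELECT auth_name, auth_host_type, auth_host_address, auth_method
FROM client_auth
WHERE auth_name IN ('tls_cert_auth', 'reject_no_tls');

-- 4. Check how current sessions connected: ssl_state shows whether a
--    session uses no TLS, Server Mode or Mutual Mode, and
--    authentication_method shows which method admitted the client.
SELECT user_name, client_hostname, ssl_state, authentication_method
FROM sessions;
```

Narrow the address range to the networks your clients actually connect from before using records like these.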