Using TLS: installing certificates on Windows

You can optionally secure communication between your ADO.NET application and Vertica using TLS. The Vertica ADO.NET driver uses the default Windows key store when looking for TLS certificates. This is the same key store that Internet Explorer uses.

Before you can use TLS on the client side, you must implement TLS on the server. See TLS protocol, perform those steps, then return to this topic to install the TLS certificate on Windows.

To use TLS for ADO.NET connections to Vertica:

• Import the server and client certificates into the Windows Key Store.

• If required by your certificates, import the public certificate of your Certifying Authority.

Import the server and client certificates into the windows key store:

1. Copy the server.crt file you generated when you enabled TLS on the server to your Windows Machine.

2. Double-click the certificate.

3. Let Windows determine the key type, and click Install.

Import the public certificate of your CA:

You must establish a chain of trust for the certificates. You may need to import the public certificate for your Certifying Authority (CA) (especially if it is a self-signed certificate).

1. Using the same certificate as above, double-click the certificate.

2. Select Place all certificates in the following store.

3. Click Browse, select Trusted Root Certification Authorities and click Next.

4. Click Install.

Enable SSL in your ADO.NET applications

In your connection string, be sure to enable SSL by setting the SSL property in VerticaConnectionStringBuilder to true, for example:

//configure connection properties    VerticaConnectionStringBuilder builder = new VerticaConnectionStringBuilder();
    builder.Host = "192.168.17.10";
    builder.Database = "VMart";
    builder.User = "dbadmin";
    builder.SSL = true;
    //open the connection
    VerticaConnection _conn = new VerticaConnection(builder.ToString());
    _conn.Open();