ssl_external_kms_info

2024-04-19 08:42:50  Updated

ssl_external_kms_info records information regarding the dependencies of the SSL functionality in OceanBase Database. It stores the relevant configurations required for different SSL scenarios in the form of a JSON string. The JSON should include at least the ssl_mode field.

Attribute Description
Type String
Default value Empty string
Value range None
Effective upon OBServer node restart No

Take note of the following considerations:

  • The default value of this parameter is an empty string. When SSL is enabled, the default file in the default path is used as the SSL key.

  • The value of this parameter must be in valid JSON format. Otherwise, an error will be reported during the configuration check.

  • This parameter has the following valid values:

    • When ssl_mode is set to file, the JSON string does not need to contain other content.

    • When ssl_mode is set to bkmi, the server does not store the SSL file but obtains it from BKMI during operation. In addition, the JSON string must contain the complete application name, BKMI URL, BKMI root certificate, identity key, identity key password, name and version of the SSL private key, and name of the SSL certificate. Such information must be valid and useful. That is, the server can obtain private keys and certificates from BKMI. Otherwise, an error will be reported.

To support other external certificate issuance systems, ssl_external_kms_info can be customized to support other JSON strings.

Here is an example:

obclient> ALTER SYSTEM SET ssl_external_kms_info = '
{
"ssl_mode":"file"
}';

Contact Us