ssl_external_kms_info specifies some information that the SSL features of OceanBase rely on. The configurations for different SSL modes are recorded in JSON string format. The JSON string contains at least the ssl_mode field.
| Property | Description |
|---|---|
| Parameter type | String |
| Default value | Null string |
| Value range | N/A |
| Effective upon OBServer restart | No |
Notes:
The default value of this parameter is an empty string. When SSL is enabled, the default file in the default path is used as the SSL key.
The value of this parameter must be in valid JSON format. Otherwise, an error will be reported during configuration check.
Value of the ssl_mode field: file or bkmi
When ssl_mode is set to file, the json string does not need to contain other content.
When ssl_mode is set to bkmi, the server does not store the SSL file, but obtains it from BKMI during operation. In addition, the JSON string must contain the complete application name, BKMI URL, BKMI root certificate, identity key, identity key password, name and version of the SSL private key, and name of the SSL certificate. Such information must be valid and useful. That is, the server can obtain the private keys and certificates from BKMI. Otherwise, an error will be reported.
To support other external certificate issuance systems, ssl_external_kms_info can be customized to support other JSON strings.
Example:
obclient> ALTER SYSTEM SET external_ssl_info = '
{
"ssl_mode":"file"
}';