Completing the MC Certificates Wizard
The MC Certificates wizard lets you configure a CA certificate for the Vertica database server and client certificates for MC to allow secure TLS communication over the JDBC connections between MC and the Vertica database server. Each screen presents options. When you select an option, the wizard displays additional options and details. Screenshots below represent one version of what you may see.
-
The first wizard screen provides helpful overview information. Read it, and click Configure TLS Certificates to continue.
-
On the Configure CA Certificates screen, configure a CA certificate (public key) to add to MC. MC uses this trusted certificate to verify the server's identity during TLS communications over JDBC connections between MC and the Vertica database server.
Complete one of these options:
- Upload a new CA certificate Browse and select the certificate file and enter an alias for this certificate
- To add another CA certificate, click Add More CA Certificates.
- Continue adding additional CA certificates until you are finished.
- Choose a certificate alias from previously uploaded certificates Select the alias for the previously uploaded CA certificate you wish to configure for the current database.
- Upload a new CA certificate Browse and select the certificate file and enter an alias for this certificate
- When you are done adding CA certificates, click Next.
- The Configure Client Certificate screen displays the check box Add Client Certificate and Private Key for Mutual Mode TLS Connection.
- If the database is configured for server mode, you do not need a client certificate or key.
- Leave the Add Client Certificate check box unchecked and click Review.
- Skip to step 10.
-
If the database is configured for mutual mode:
- Click the Add Client Certificate check box.
- Select one of the options below.
Upload Client Certificate and Private Key files on MC (shown above.) MC uses its https connection from the browser to MC's host to upload the files.)
- To add an additional client certificate and create a certificate chain, click Add Certificate to Chain. MC reinitializes the Client Certificate file field so you can add another certificate. After you add the last certificate path, click Next.
- To upload an existing certificate chain file, click Browse next to the Upload Client Certificate/Certificate chain file field, select the file, and click Open.
Manually upload client Certificate and Private Key on MC host and provide paths Avoids sending the encrypted certificate and private key files over an https connection. To add an additional path for a client certificate and create a certificate chain, click Add More Certificate Paths. MC reinitializes the path field so you can add another path. After you add the last certificate path, click Next.
Choose Client Certificate and Private Key alias of previously uploaded keypair to use for this database. (To use existing certificate and key files.)
-
Complete the detail fields for the client certificate and private key option you have chosen above, then click Next.
-
The Apply TLS configuration to MC users mapped to database window allows you to configure the client certificate-key pair you have just entered, for use by multiple MC users.
All the MC users you select must be mapped to the same user id on the Vertica database server.
- Click Review. The wizard displays a review window with the TLS options you have configured.
- Select one of these options:
- To modify your TLS choices, click Back.
- To confirm your choices:
- If you are importing a database, click Configure TLS and Import DB.
- If you are configuring TLS for a database already imported to MC, click Configure TLS for DB.
- Click Close to complete the wizard.
- To close the wizard without importing the database and without setting up TLS configuration, click Cancel.