SECURITY_CONFIG_CHECK

Returns the status of various security-related parameters. Use this function to verify completeness of your TLS configuration.

Syntax

SECURITY_CONFIG_CHECK( 'db-component' )

Parameters

db-component

Components to check:

NETWORK: Returns the status of the parameters for spread encryption, internode TLS, and client-server TLS.

Example

In the following example, a call to SECURITY_CONFIG_CHECK returns with confirmation that parameters SSLCertificate and SSLPrivateKey are set, but other parameters such as EncryptSpreadComm and DataSSLParams are not:

=> SELECT SECURITY_CONFIG_CHECK('NETWORK');
				security_config_check                                                                                                                                                                                                                                                                                                                   
-------------------------------------------------------------------------------
Spread security details:
* EncryptSpreadComm = []
Spread encryption is disabled
It is NOT safe to set/change other security config parameters while spread is not encrypted!
Please set EncryptSpreadComm to enable spread encryption first

Data Channel security details:
* DataSSLParams is unset
SSL on the data channel is disabled
Please set EncryptSpreadComm and DataSSLParams to enable SSL on the data channel

Client-Server network security details:
* EnableSSL is unset
* SSLCertificate is set
* SSLPrivateKey is set
Client-Server SSL is disabled
Please set EnableSSL, SSLCertificate and SSLPrivateKey to enable Client-Server SSL

(1 row)