SSL configurations
SSL/TLS is an encryption based protocol which establishes a secure and trusted connection between client and a database over which sensitive data can be transmitted.
DronaHQ supports connecting to several databases with end-to-end encryption using SSL. Typically, SSL certificates would be required in scenarios where sensitive data is requested. It prevents threats like MITM attacks, Drown Attacks, SSL Stripping attacks etc.
Prerequisites
Database server should be configured to support SSL and required certificates should be installed.
Configuring SSL in DronaHQ
To enable SSL configuration in DronaHQ, on the add connector/edit connector sidebar toggle on the Connect using SSL option.
Go to Connectors -> + CONNECTOR -> Select Supported DB, in this case MySQL and enable this toggle named Connect using SSL.
Once SSL config is enabled, Use a self signed certificate configuration will be shown. Toggle on this option to add SSL fields.
| Field | Description |
|---|---|
| CA | CA Certificate is a certificate signed by a trusted, third-party certificate authority (CA). |
| Client Key | The private key of the client certificate needed during the SSL handshake. |
| Client Certificate | Client certificate authenticates requestor to the server. |
DronaHQ takes the necessary measures to preserve user credentials by encrypting them using state of the art cryptographic algorithms.
Verification modes
DronaHQ allows to make use of all the three verification modes supported by SSL.
| Field | Description |
|---|---|
| Full verification | The client and server authenticate themselves with each other and send certificates to each other. |
| Verify CA certificate | Neither the client nor the server authenticates itself to the other. No certificates are sent or exchanged. Only SSL encryption and decryption is used. |
| Skip CA certificate verification | Neither the client nor the server authenticates itself to the other. No certificates are sent or exchanged. Only SSL encryption and decryption is used. |
MySQL only supports Verify CA Certificate and Skip CA Certificate verification.
As of now, we are providing SSL (self signed certificate) connections for
- MySQL
- Postgres
- MongoDB
- ClickHouse
- MariaDB
- DocumentDB
Conclusion
For production databases, it’s necessary to use SSL as data is the most important asset to protect. Enabling SSL encryption increases the security of data transmitted across networks between instances of Database Server and Client. Thus, DronaHQ recommends configuring SSL to preserve data.