Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Documentation on Enabling SSL/TLS support for SQL Server. #21938

Merged
merged 1 commit into from
Feb 22, 2024
+38 −0
Merged

Documentation on Enabling SSL/TLS support for SQL Server. #21938

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 38 additions & 0 deletions presto-docs/src/main/sphinx/connector/sqlserver.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,44 @@ connection properties as appropriate for your setup:
connection-user=root
connection-password=secret


Connection security
------------------

The JDBC driver and connector automatically use Transport Layer Security (TLS) encryption and certificate validation. This requires a suitable TLS certificate configured on your SQL Server database host.

To disable encryption in the connection string, use the ``encrypt`` property:

.. code-block:: none

connection-url=jdbc:sqlserver://<host>:<port>;databaseName=<databaseName>;encrypt=false;

Other SSL configuration properties that can be configured using the ``connection-url``:

SSL Configuration Properties
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
================================================== ==================================================================== ===========
Property Name Description Default
================================================== ==================================================================== ===========
``trustServerCertificate`` Indicates that the server certificate is not trusted ``false``
automatically and a truststore is required for
SSL certificate verification.

``trustStoreType`` File format of the truststore file, for example ``JKS`` or ``PEM``.

``hostNameInCertificate`` Specifies the expected CN (Common Name) in the SSL certificate
from the server.

``trustStore`` The path to the truststore file.

``trustStorePassword`` The password for the truststore.
================================================== ==================================================================== ===========

steveburnett marked this conversation as resolved.
Show resolved Hide resolved
A connection string using a truststore would be similar to the following example:

.. code-block:: none

connection-url=jdbc:sqlserver://<host>:<port>;databaseName=<databaseName>;encrypt=true;trustServerCertificate=false;trustStoreType=PEM;hostNameInCertificate=hostname;trustStore=path/to/truststore.pem;trustStorePassword=password
Multiple SQL Server Databases or Servers
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Expand Down
Loading