Skip to content

SSL Configuration

Overview

DBeaver supports the ability to establish connections using Secure Socket Layer (SSL), a protocol for creating authenticated and encrypted links between networked computers.

Note

SSL parameters are optional and should only be specified if required by your server configuration.

Setting up SSL configuration

To set up SSL, you need to configure the following settings:

  1. Navigate to the SSL tab within the Connection settings.

  2. Enable the Use SSL option to activate SSL for your connection.

  3. Enter the necessary SSL configuration details (optional):

    Parameter Description
    CA Certificate Path to the Certificate Authority (CA) certificate.
    Client Certificate Path to the client's public key certificate.
    Client Private Key Path to the client's private key.
    Keystore Path to the keystore file.
    Keystore Password Password for the keystore.
    Certificate hostname Expected hostname in the certificate.
    SSL Mode Desired security level for SSL.
    SSL Factory Provide SSLSocketFactory factory class name.
    Cipher suites (optional) Specific cipher suites to use.
    Skip host name validation Whether to bypass hostname validation.
    Use self signed certificate (non-secure) Acceptance of self-signed certificates.
    Force TLS 1.2 Enforce using TLS version 1.2.
    Verify server certificate Ensures the server certificate is valid.
    Allow public key retrieval Allows the retrieval of the server's public key.

    Note

    The availability of these parameters can vary depending on the database. Check the SSL tab for your database within the Connection settings for any specific options.

  4. If all other necessary connection settings are configured, complete the setup by clicking Finish, or test the configuration by clicking Test Connection to ensure that SSL is functioning correctly.

Setting up SSL configuration via Driver properties

For some databases, an alternative method to configure SSL settings is available through the Driver properties tab. This approach allows access to additional or driver-specific SSL options that may not be present in the main SSL tab:

  1. Select the Driver properties tab within the Connection settings.

  2. Look for properties prefixed with ssl, such as sslResponseTime, sslfactoryarg, sslhostnameverifier, etc. Configure the necessary properties according to your database and server requirements.

  3. If all other necessary connection settings are configured, complete the setup by clicking Finish, or test the configuration by clicking Test Connection to ensure that SSL is functioning correctly.

Troubleshooting SSL issues

If you encounter a Pkix path building failed error, it may be due to incorrect SSL configurations. A common resolution is to consider ignoring host name validation, an option available for some databases in the SSL tab of the Connection settings, which can help bypass common SSL errors.

Import custom certificates

Learn how to import custom root and certificate authority (CA) certificates into DBeaver. See Import custom certificates for detailed instructions.

Oracle SSL configuration

Learn how to set up SSL connections for Oracle databases, including wallet creation and configuration steps. See SSL for Oracle for the full guide.