TLS / SSL Connection Tab

On this page

The TLS / SSL tab allows you to connect deployments with TLS / SSL. For more information on TLS / SSL, see TLS Options

Procedure

You can leave TLS unset with the Default option or set the TLS / SSL connection On or Off.

Option	Description
Default	The `Default` option leaves the TLS option `unset`. The `Default / unset` TLS /SSL option is enabled when using a DNS seedlist (SRV) in the connection string. To learn more about the additional options available, see Additional TLS / SSL Options.
On	Select the `On` option when using a DNS seedlist (SRV) in the connection string. When TLS / SSL Connection is `On`, you can specify additional certificate options for your connection string. To see more on the additional certificate options available, see Additional TLS / SSL Options.
Off	The `Off` option initiates a connection without TLS / SSL. Note It is recommended that users enable TLS / SSL to avoid security vulnerabilities.

When TLS is On you can specify the following:

Option	Description
Certificate Authority	One or more certificate files from trusted Certificate Authorities to validate the certificate provided by the deployment.
Client Certificate	Specifies the location of a local .pem file that contains either the client's TLS/SSL X.509 certificate or the client's TLS/SSL certificate and key.
Client Key Password	If the Client Private Key is protected with a password, you must provide the password.
tlsInsecure	Disables various certificate validations.
tlsAllowInvalidHostnames	Disables hostname validation of the certificate presented by the the deployment.
tlsAllowInvalidCertificates	Disable the validation of the server certificates.

Enabling tlsInsecure, tlsAllowInvalidHostnames, and tlsAllowInvalidCertificates may cause a security vulnerabilty.