Skip to content

SSL Configuration

Jump to bottom
dbeaver-devops edited this page Sep 15, 2025 · 9 revisions

Table of contents

CloudBeaver supports the ability to establish connections using Secure Socket Layer (SSL), a protocol for creating authenticated and encrypted links between networked computers.

Note: SSL parameters are optional and should only be specified if required by your server configuration.

Setting up SSL configuration

  1. Start by creating a connection.

  2. Go to the SSL tab in the connection settings.

  3. Enable the checkbox Enable SSL

  4. Configure the required settings:

    Parameter Description
    CA Certificate Path to the Certificate Authority (CA) certificate.
    Client Certificate Path to the client's public key certificate.
    Client Private Key Path to the client's private key.
    SSL Mode Desired security level for SSL.
    SSL Factory Provide SSLSocketFactory factory class name.
    Cipher Suites (optional) Specify a comma-separated cipher suites list to use.
    Skip host name validation Whether to bypass hostname validation.
    Use self signed certificate (non-secure) Acceptance of self-signed certificates.
    Force TLS 1.2 Enforce using TLS version 1.2.
    Verify server certificate Ensures the server certificate is valid.
    Allow public key retrieval Allows the retrieval of the server's public key.

    Note: The availability of these parameters can vary depending on the database.

  5. If all other necessary connection settings are configured, complete the setup by clicking Finish, or test the configuration by clicking Test Connection to ensure that SSL is functioning correctly.

Tip: To avoid entering credentials every time, enable the Save credentials for the current user option. Depending on the connection type, the checkbox name may vary. For more details, see Credential saving options.

Setting up SSL configuration via Driver properties

For some databases, an alternative method to configure SSL settings is available through the Driver properties tab. This approach allows access to additional or driver-specific SSL options that may not be present in the main SSL tab:

  1. Select the Driver properties tab within the Connection settings.

  2. Look for properties prefixed with ssl, such as sslResponseTimeout, sslfactoryarg, sslhostnameverifier, etc. Configure the necessary properties according to your database and server requirements.

  3. If all other necessary connection settings are configured, complete the setup by clicking Finish, or test the configuration by clicking Test Connection to ensure that SSL is functioning correctly.

Import SSL certificates on startup

CloudBeaver can import certificates from a predefined folder at startup. This method is useful for databases protected by self-signed certificates. It ensures secure connections without manual setup, especially when a firewall or internal security policies require specific certificates.

For Docker Compose

To add a certificate, place the file in the {workspace}/.data/custom-certs folder on the server. CloudBeaver will detect and import it on startup.

For more details on workspace location, see Workspace location

To manually copy a certificate, use the following command from the Compose project directory:

docker compose cp /path/to/cacert/root.chain.pem cloudbeaver:/opt/cloudbeaver/workspace/.data/custom/

After copying the certificate, restart the cluster (if it is already running) to apply the changes:

docker compose restart

For Kubernetes

Since if you mount the folder with certificates inside the workspace before the first startup - there may be problems with access rights inside the system .data folder, it is recommended to use /opt/cloudbeaver/conf/custom-certs folder. So you need to create a volumen and mount it with the /opt/cloudbeaver/conf/custom-certs.

All supported certificate folders

  1. {workspace}/.data/custom-certs
  2. {workspace}/.data/custom
  3. /opt/cloudbeaver/conf/custom-certs
  4. /opt/cloudbeaver/conf/custom

Read more about CloudBeaver deployment.

Important:

  • Only certificates are imported, not private keys.
  • The custom-certs directory must not contain any extra files or subfolders.

CloudBeaver - Web Database Manager

CloudBeaver Documentation

Clone this wiki locally