ClickHouse/tests/integration/test_ssl_cert_authentication/configs/ssl_config.xml

<clickhouse>
    <!-- HTTP API with TLS (HTTPS).
         You have to configure certificate to enable this interface.
         See the openSSL section below.
    -->
    <https_port>8443</https_port>

    <!-- Native interface with TLS.
         You have to configure certificate to enable this interface.
         See the openSSL section below.
    -->
    <tcp_port_secure>9440</tcp_port_secure>

    <!-- Used with https_port and tcp_port_secure. Full ssl options list: https://github.com/ClickHouse-Extras/poco/blob/master/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h#L71 -->
    <openSSL replace="replace">
        <server> <!-- Used for https server AND secure tcp port -->
            <certificateFile>/etc/clickhouse-server/config.d/server-cert.pem</certificateFile>
            <privateKeyFile>/etc/clickhouse-server/config.d/server-key.pem</privateKeyFile>
            <caConfig>/etc/clickhouse-server/config.d/ca-cert.pem</caConfig>
            <verificationMode>relaxed</verificationMode>
        </server>

        <client> <!-- Used for connecting to https dictionary source and secured Zookeeper communication -->
            <loadDefaultCAFile>true</loadDefaultCAFile>
            <cacheSessions>true</cacheSessions>
            <disableProtocols>sslv2,sslv3</disableProtocols>
            <preferServerCiphers>true</preferServerCiphers>
            <invalidCertificateHandler>
                <name>RejectCertificateHandler</name>
            </invalidCertificateHandler>
        </client>
    </openSSL>
</clickhouse>
Add test for SSL certificate authentication. 2022-02-18 14:12:03 +00:00			`<clickhouse>`
			`<!-- HTTP API with TLS (HTTPS).`
			`You have to configure certificate to enable this interface.`
			`See the openSSL section below.`
			`-->`
			`<https_port>8443</https_port>`

			`<!-- Native interface with TLS.`
			`You have to configure certificate to enable this interface.`
			`See the openSSL section below.`
			`-->`
Add SSL authentication to the native protocol 2023-03-14 22:10:08 +00:00			`<tcp_port_secure>9440</tcp_port_secure>`
Add test for SSL certificate authentication. 2022-02-18 14:12:03 +00:00
			`<!-- Used with https_port and tcp_port_secure. Full ssl options list: https://github.com/ClickHouse-Extras/poco/blob/master/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h#L71 -->`
			`<openSSL replace="replace">`
			`<server> <!-- Used for https server AND secure tcp port -->`
			`<certificateFile>/etc/clickhouse-server/config.d/server-cert.pem</certificateFile>`
			`<privateKeyFile>/etc/clickhouse-server/config.d/server-key.pem</privateKeyFile>`
			`<caConfig>/etc/clickhouse-server/config.d/ca-cert.pem</caConfig>`
			`<verificationMode>relaxed</verificationMode>`
			`</server>`

			`<client> <!-- Used for connecting to https dictionary source and secured Zookeeper communication -->`
			`<loadDefaultCAFile>true</loadDefaultCAFile>`
			`<cacheSessions>true</cacheSessions>`
			`<disableProtocols>sslv2,sslv3</disableProtocols>`
			`<preferServerCiphers>true</preferServerCiphers>`
			`<invalidCertificateHandler>`
			`<name>RejectCertificateHandler</name>`
			`</invalidCertificateHandler>`
			`</client>`
			`</openSSL>`
			`</clickhouse>`