To implement SSL/TLS in a Hybrid Data Pipeline environment, an SSL certificate file must be specified during installation. In a standalone deployment, the Hybrid Data Pipeline server needs a server certificate and all intermediate certificates all the way to the root of the certificate chain to establish trust. During installation, you can specify a self-signed certificate for testing or evaluation purposes. However, as documented below, a PEM file should be specified to enable SSL in a production environment.
Note: The ODBC driver, JDBC driver, and On-Premises Connector need only the root certificate to verify the trust of the server certificate supplied during the SSL handshake. During installation of the server, the required certificate files are written to the <install_dir>/redist directory. These and other files in the redist directory must be used in the installation of the ODBC driver, JDBC driver, and On-Premises Connector.
An SSL/TLS implementation secures the following communications in a standalone deployment.
Communications between a Hybrid Data Pipeline user and the Hybrid Data Pipeline Web UI.
Communications between applications using the REST API, including the OData API, and the Hybrid Data Pipeline server.
Communications between the JDBC or ODBC drivers and the Hybrid Data Pipeline server.
Communications between the On-Premises Connector and the Hybrid Data Pipeline server.