Copy the queen's public key (self-signed certificate), /home/beehive/certs/server.pem, to the client. For this example, we will assume the client will store the public key as /home/jbloggs/certs/server.pem.
Use the following command line arguments when executing ACT:
- --enable-ssl
- --ssl-trusted-ca-file /home/jbloggs/certs/server.pem
Or use a configuration file similar to the following:
    # ACT configuration file example
    # Contains settings for connecting securely to a specific host and database
    host: 10.10.10.10
    dbname: sampledb
    username: sampleuser

    # SSL settings
    enable-ssl: true
    ssl-trusted-ca-file: server.pem
Because --ssl-self-signed-peer is not specified, the connection can be made only when the server provides a CA-signed certificate, and the identical CA-signed certificate must already exist on the client. If --ssl-self-signed-peer were used, however, the server would be able to supply the certificate at the time of connection and nothing would be required on the client.
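The following Python check is an added example, not part of ACT or its documentation. It reads a configuration file in the key: value form shown above and reports SSL settings that leave the client without a pre-installed trusted certificate. It assumes that configuration keys mirror the command line flags (including ssl-self-signed-peer) and that true is the enabling value; the function names are hypothetical.

```python
import os

def parse_act_config(text):
    """Parse 'key: value' lines, skipping blank lines and '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def audit_ssl_settings(settings, file_exists=os.path.isfile):
    """Return a list of findings about the SSL-related settings."""
    if settings.get("enable-ssl") != "true":
        return ["enable-ssl is not true: SSL is not enabled"]
    # Assumption: the flag may appear as a config key, like the other two.
    if settings.get("ssl-self-signed-peer") == "true":
        return ["ssl-self-signed-peer is set: the server supplies its "
                "certificate at connection time, nothing is checked against "
                "a copy held on the client"]
    findings = []
    ca_file = settings.get("ssl-trusted-ca-file", "")
    if not ca_file:
        findings.append("ssl-trusted-ca-file is missing")
    elif not os.path.isabs(ca_file):
        findings.append(f"ssl-trusted-ca-file '{ca_file}' is a relative path; "
                        "the command line example used an absolute one")
    elif not file_exists(ca_file):
        findings.append(f"ssl-trusted-ca-file '{ca_file}' does not exist")
    return findings

# Constructed sample: the configuration file from this page.
SAMPLE = """\
# ACT configuration file example
host: 10.10.10.10
dbname: sampledb
username: sampleuser
# SSL settings
enable-ssl: true
ssl-trusted-ca-file: server.pem
"""

if __name__ == "__main__":
    for finding in audit_ssl_settings(parse_act_config(SAMPLE)):
        print("WARN:", finding)
```
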