To establish a secure TLS (SSL) connection to a database cluster, you need to add its certificate authority (CA) to your OS trust store.

If you use a custom certificate, the CA is already present in the custom certificate secret. See Configure a Custom Certificate for a Database Cluster in VMware Data Services Manager.

To get the CA managed by VMware Data Services Manager and store it in the trust store, follow these steps.

Procedure

  1. Access the DSM API.
  2. Examine the status.connection.passwordRef.name property to search for the secret name for your database cluster.
  3. In the same namespace where your database cluster resides, search for a Kubernetes Secret containing the secret name you retrieved, and find its ca.crt property.
    It contains the PEM-encoded CA.
  4. Use the CA to establish a secure connection to your database cluster.