To encrypt Replica Of synchronization traffic, you must also configure encryption for the replica database (the destination).
Encrypt source synchronization traffic
To enable TLS for Replica Of communication only on the source database:
- In databases, either:
  - Create a new database.
  - Select a database to configure and then select Edit.
- Enable TLS.
- Select the communication that you want to secure:
  - For a new database - Require TLS for Replica Of communications only is selected by default.
  - For an existing database that is configured to Require TLS for all communications - Select Require TLS for Replica Of communications only.
  By default, client authentication is enforced. This means you must enter the syncer certificates of the clusters hosting the replicas (the destination databases).
- To enter the syncer certificates:
  - Copy the syncer certificates for each cluster with a destination database:
    - Sign in to the cluster.
    - Go to Settings.
    - In the syncer certificates box, copy the full text of the certificate to the Clipboard.
  - Select the Add button to open the certificate dialog.
  - Enter the copied certificate text into the text box below the Enforce client authentication checkbox.
  You can also clear Enforce client authentication so that all clusters or clients can connect to your database without authentication.
To encrypt Replica Of synchronization traffic, you must also configure encryption for the replica database (the destination).
Encrypt all source communication
To enable TLS for Replica Of and client communication on the source database:
- From the Databases menu of the admin console, either:
  - Create a new database.
  - Select an existing database and then select the Edit button.
- Enable TLS and select Require TLS for all communications.
  By default, client authentication is enforced so you must enter the syncer certificates of the clusters that host the destination databases.
  You also need to add the certificates of the clients that connect to the database.
- To enter the syncer and client certificates:
  - Copy the entire text of the syncer and client certificates.
    For each cluster with a destination database:
    - Sign in to the cluster.
    - Go to Settings.
    - In the syncer certificates box, copy the full text of the certificate to the Clipboard.
  - Use the Add button to open the certificate dialog.
  - Enter the copied certificate text into the text box below the Enforce client authentication checkbox.
  You can also clear the Enforce client authentication checkbox to allow client connections without authentication.
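Both procedures depend on copying the full text of each certificate, and a paste that loses its last lines is easy to miss in a text box. The following Python check is an added example, not part of the original page or the product: it confirms that copied text consists only of complete PEM certificate blocks. The function names are hypothetical, the sample is constructed, and the check covers structure only, not signatures, issuer or expiry.

```python
import base64
import binascii
import re

# One complete PEM certificate block; the capture group is the base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def der_length_ok(der: bytes) -> bool:
    """True if der is one DER SEQUENCE whose declared length equals its size."""
    if len(der) < 2 or der[0] != 0x30:      # a certificate is a SEQUENCE
        return False
    if der[1] < 0x80:                        # short-form length
        header, body = 2, der[1]
    else:                                    # long form: next n bytes hold it
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + body

def check_pasted_certs(text: str) -> list:
    """Return a list of problems; an empty list means every block is whole."""
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return ["no complete BEGIN/END CERTIFICATE block found"]
    problems = []
    if PEM_BLOCK.sub("", text).strip():
        problems.append("unexpected text outside certificate blocks")
    for i, body in enumerate(blocks, 1):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except (binascii.Error, ValueError):
            problems.append(f"certificate {i}: body is not valid base64")
            continue
        if not der_length_ok(der):
            problems.append(f"certificate {i}: DER length mismatch (truncated?)")
    return problems

def constructed_pem(payload_len: int = 300) -> str:
    """Constructed sample: a DER-shaped blob in PEM armor, not a real certificate."""
    der = b"\x30\x82" + payload_len.to_bytes(2, "big") + bytes(payload_len)
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    sample = constructed_pem()
    print(check_pasted_certs(sample))            # whole paste
    print(check_pasted_certs(sample[:-40]))      # paste cut off before END line
```

Run it on the clipboard text for each destination cluster before opening the certificate dialog; any non-empty result means the certificate should be copied again.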