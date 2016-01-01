Optional secured communication between ClickHouse and Zookeeper

Note This page is not applicable to ClickHouse Cloud. The procedure documented here is automated in ClickHouse Cloud services.

You should specify ssl.keyStore.location , ssl.keyStore.password and ssl.trustStore.location , ssl.trustStore.password for communication with ClickHouse client over SSL. These options are available from Zookeeper version 3.5.2.

You can add zookeeper.crt to trusted certificates.

Client section in config.xml will look like:

Add Zookeeper to ClickHouse config with some cluster and macros:

Start clickhouse-server . In logs you should see:

Prefix secure:// indicates that connection is secured by SSL.

To ensure traffic is encrypted run tcpdump on secured port:

And query in clickhouse-client :

On unencrypted connection you will see in tcpdump output something like this:

On encrypted connection you should not see this.