In the security section, we will review the security features in RavenDB and explain how to manage your secured server or cluster.
RavenDB uses X.509 certificate-based authentication.
X.509 certificates are standardized, secure and widely used in many applications. They allow you to use TLS/SSL and HTTPS, which keep your communications encrypted and secured.
Authentication in RavenDB is based on the fact that the server holds a server certificate, which is either signed by a trusted SSL Certificate Authority or self-signed. An administrator uses the server certificate to generate client certificates with assigned permissions. Client certificates are used for authentication, and authorization is granted according to the assigned permissions.
RavenDB allows access only to client certificates that are explicitly registered in the server and will not trust any other certificate (even if the existing PKI allows it). Registering a certificate means one of two things: either the certificate was generated by the server or it was uploaded by an administrator. Either way, it must appear in the Certificates View in the Studio. Visit the Certificate Management section for more information.
In the Studio, administrators can use the Certificates View to easily manage their certificates. It can be used to generate client certificates, register existing client certificates, import and export server certificates, rename, assign permissions and more.