In the security section, we will review the security features in RavenDB and explain how to manage your secured server or cluster.
RavenDB uses X.509 certificate-based authentication.
X.509 certificates are standardized, secure and widely used in many applications. They allow you to use TLS/SSL and HTTPS, which keep your communications encrypted and secure.
Authentication in RavenDB is based on the server holding a server certificate, which is either signed by a trusted SSL Certificate Authority or self-signed. An administrator uses the server certificate to generate client certificates with assigned permissions. Client certificates are used for authentication, and authorization is granted according to the assigned permissions.
RavenDB does not use PKI to trust certificates; it takes a stricter approach. It grants access to client certificates that are explicitly registered in the RavenDB server, or to certificates that have the same issuer and Public Key Pinning Hash as a certificate that is already trusted.
Registering a certificate means one of the following:
The certificate was generated by the server.
The certificate was registered explicitly by an administrator.
In either case, it must appear in the Certificates View in the Studio. Visit the Certificate Management section for more information.
In the Studio, administrators can use the Certificates View to easily manage their certificates. It can be used to generate client certificates, register existing client certificates, import and export server certificates, rename, assign permissions and more.
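The trust rule described above (explicit registration, or the same issuer and Public Key Pinning Hash as an already trusted certificate), modelled as an added example that is not RavenDB's own code. The Cert record, the sample values and the pin formula (base64 of SHA-256 over the DER-encoded SubjectPublicKeyInfo) are assumptions made for illustration.

```python
import base64
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for the X.509 fields the rule looks at."""
    thumbprint: str   # fingerprint of the whole certificate
    issuer: str       # issuer distinguished name
    spki_der: bytes   # DER-encoded SubjectPublicKeyInfo (the public key)

def pinning_hash(cert: Cert) -> str:
    # Assumption: pin = base64(SHA-256(SubjectPublicKeyInfo)).
    digest = hashlib.sha256(cert.spki_der).digest()
    return base64.b64encode(digest).decode("ascii")

def trust_reason(presented: Cert, registered: List[Cert]) -> Optional[str]:
    """Return why the certificate is accepted, or None if it is rejected."""
    if any(known.thumbprint == presented.thumbprint for known in registered):
        return "registered"
    pin = pinning_hash(presented)
    for known in registered:
        # Both conditions must hold: a shared issuer alone is not enough,
        # and neither is a shared key under a different issuer.
        if known.issuer == presented.issuer and pinning_hash(known) == pin:
            return "same issuer and pinning hash"
    return None

# Constructed sample data: the byte strings stand in for real DER-encoded keys.
KEY_A = b"constructed-spki-key-A"
KEY_B = b"constructed-spki-key-B"
REGISTERED = [Cert("AA11", "CN=Example Issuing CA", KEY_A)]
SAMPLES = {
    "exact": Cert("AA11", "CN=Example Issuing CA", KEY_A),
    "reissued_same_key": Cert("BB22", "CN=Example Issuing CA", KEY_A),
    "same_issuer_new_key": Cert("CC33", "CN=Example Issuing CA", KEY_B),
    "same_key_other_issuer": Cert("DD44", "CN=Other CA", KEY_A),
}

def evaluate_samples() -> Dict[str, Optional[str]]:
    return {name: trust_reason(c, REGISTERED) for name, c in SAMPLES.items()}

if __name__ == "__main__":
    for name, reason in evaluate_samples().items():
        print(f"{name:24} -> {reason or 'rejected'}")
```

The "same_issuer_new_key" case is the one that separates this rule from ordinary chain validation: a certificate from the same issuer is still rejected unless its public key matches one that is already trusted.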