@itentialopensource/adapter-meraki 0.8.0 → 0.8.1

package/AUTH.md

@@ -0,0 +1,40 @@
+# Authenticating Meraki Adapter 
+
+This document will go through the steps for authenticating the Meraki adapter with Basic Authentication. Properly configuring the properties for an adapter in IAP is critical for getting the adapter online. You can read more about adapter authentication [HERE](https://www.itential.com/automation-platform/integrations/adapters-resources/authentication/). 
+
+## Basic Authentication
+The Meraki adapter requires Basic Authentication. 
+
+STEPS  
+1. Ensure you have access to a Meraki server and that it is running
+2. Follow the steps in the main [README.md](./README.md) to import the adapter into IAP if you have not already done so
+3. Use the properties below for the ```properties.authentication``` field
+```json
+"authentication": {
+  "auth_method": "basic user_password",
+  "username": "<username>",
+  "password": "<password>",
+  "token": "",
+  "token_timeout": 1800000,
+  "token_cache": "local",
+  "invalid_token_error": 401,
+  "auth_field": "header.headers.Authorization",
+  "auth_field_format": "Basic {b64}{username}:{password}{/b64}",
+  "auth_logging": false,
+  "client_id": "",
+  "client_secret": "",
+  "grant_type": ""
+}
+```
+4. Restart the adapter. If your properties were set correctly, the adapter should go online. 
+   
+![Adapter Connected](./images/adapter_connected.png)
+
+## Troubleshooting
+* Make sure you copied over the correct username and password.
+* Turn on debug level logs for the adapter in IAP Admin Essentials.
+* Turn on auth_logging for the adapter in IAP Admin Essentials (adapter properties).
+* Investigate the logs - in particular:
+** The FULL REQUEST log to make sure the proper headers are being sent with the request.
+** The FULL BODY log
+** The CALL RETURN log to see what the other system is telling us.

package/CALLS.md

@@ -0,0 +1,100 @@
+## Using this Adapter
+
+The `adapter.js` file contains the calls the adapter makes available to the rest of the Itential Platform. The API detailed for these calls should be available through JSDOC. The following is a brief summary of the calls.
+
+### Generic Adapter Calls
+
+The `connect` call is run when the Adapter is first loaded by he Itential Platform. It validates the properties have been provided correctly.
+```js
+connect()
+```
+
+The `healthCheck` call ensures that the adapter can communicate with Meraki. The actual call that is used is defined in the adapter properties.
+```js
+healthCheck(callback)
+```
+
+The `refreshProperties` call provides the adapter the ability to accept property changes without having to restart the adapter.
+```js
+refreshProperties(properties)
+```
+
+The `encryptProperty` call will take the provided property and technique, and return the property encrypted with the technique. This allows the property to be used in the adapterProps section for the credential password so that the password does not have to be in clear text. The adapter will decrypt the property as needed for communications with Meraki.
+```js
+encryptProperty(property, technique, callback)
+```
+
+The `addEntityCache` call will take the entities and add the list to the entity cache to expedite performance.
+```js
+addEntityCache(entityType, entities, key, callback)
+```
+
+The `capabilityResults` call will take the results from a verifyCompatibility and put them in the format to be passed back to the Itential Platform.
+```js
+capabilityResults(results, callback)
+```
+
+The `hasEntity` call verifies the adapter has the specific entity.
+```js
+hasEntity(entityType, entityId, callback)
+```
+
+The `verifyCapability` call verifies the adapter can perform the provided action on the specific entity.
+```js
+verifyCapability(entityType, actionType, entityId, callback)
+```
+
+The `updateEntityCache` call will update the entity cache.
+```js
+updateEntityCache()
+```
+
+The `updateAdapterConfiguration` call provides the ability to update the adapter configuration from IAP - includes actions, schema, mockdata and other configurations.
+```js
+updateAdapterConfiguration(configFile, changes, entity, type, action, callback)
+```
+
+The `suspend` call provides the ability to suspend the adapter and either have requests rejected or put into a queue to be processed after the adapter is resumed.
+```js
+suspend(mode, callback)
+```
+
+The `unsuspend` call provides the ability to resume a suspended adapter. Any requests in queue will be processed before new requests.
+```js
+unsuspend(callback)
+```
+
+The `findPath` call provides the ability to see if a particular API path is supported by the adapter.
+```js
+findPath(apiPath, callback)
+```
+
+The `troubleshoot` call can be used to check on the performance of the adapter - it checks connectivity, healthcheck and basic get calls.
+```js
+troubleshoot(props, persistFlag, adapter, callback)
+```
+
+The `runHealthcheck` call will return the results of a healthcheck.
+```js
+runHealthcheck(adapter, callback)
+```
+
+The `runConnectivity` call will return the results of a connectivity check.
+```js
+runConnectivity(callback)
+```
+
+The `runBasicGet` call will return the results of running basic get API calls.
+```js
+runBasicGet(callback)
+```
+
+The `getQueue` call will return the requests that are waiting in the queue if throttling is enabled.
+```js
+getQueue(callback)
+```
+
+### Specific Adapter Calls
+
+Specific adapter calls are built based on the API of the Meraki. The Adapter Builder creates the proper method comments for generating JS-DOC for the adapter. This is the best way to get information on the calls.
+

package/CHANGELOG.md

@@ -1,4 +1,12 @@
 
+## 0.8.1 [04-13-2022]
+
+* added properties for broker calls and new documentation
+
+See merge request itentialopensource/adapters/sd-wan/adapter-meraki!16
+
+---
+
 ## 0.8.0 [01-21-2022]
 
 * migration to the latest foundation and broker ready

package/ENHANCE.md

@@ -0,0 +1,69 @@
+### Enhancements
+
+#### Adding a Second Instance of an Adapter
+
+You can add a second instance of this adapter without adding new code on the file system. To do this go into the IAP Admin Essentials and add a new service config for this adapter. The two instances of the adapter should have unique ids. In addition, they should point to different instances of the other system. For example, they should be configured to talk to different hosts.
+
+#### Adding Adapter Calls
+
+There are multiple ways to add calls to an existing adapter.
+
+The easiest way would be to use the Adapter Builder update process. This process takes in a Swagger or OpenAPI document, allows you to select the calls you want to add and then generates a zip file that can be used to update the adapter. Once you have the zip file simple put it in the adapter direcctory and execute `npm run adapter:update`.
+
+```bash
+mv updatePackage.zip adapter-meraki
+cd adapter-meraki
+npm run adapter:update
+```
+
+If you do not have a Swagger or OpenAPI document, you can use a Postman Collection and convert that to an OpenAPI document using APIMatic and then follow the first process.
+
+If you want to manually update the adapter that can also be done the key thing is to make sure you update all of the right files. Within the entities directory you will find 1 or more entities. You can create a new entity or add to an existing entity. Each entity has an action.json file, any new call will need to be put in the action.json file. It will also need to be added to the enum for the ph_request_type in the appropriate schema files. Once this configuration is complete you will need to add the call to the adapter.js file and in order to make it available as a workflow task in IAP, it should also be added to the pronghorn.json file. You can optionally add it to the unit and integration test files. There is more information on how to work on each of these files in the Adapter Technical Resources on Dev Site [HERE](https://developer.itential.io/adapters-resources/)
+
+```text
+Files to update
+* entities/<entity>/action.json: add an action
+* entities/<entity>/schema.json (or the schema defined on the action): add action to the enum for ph_request_type
+* adapter.js: add the new method and make sure it calls the proper entity and action
+* pronghorn.json: add the new method
+* test/unit/adapterTestUnit.js (optional but best practice): add unit test(s) - function is there, any required parameters error when not passed in
+* test/integration/adapterTestIntegration.js (optional but best practice): add integration test
+```
+
+#### Adding Adapter Properties
+
+While changing adapter properties is done in the service instance configuration section of IAP, adding properties has to be done in the adapter. To add a property you should edit the propertiesSchema.json with the proper information for the property. In addition, you should modify the sampleProperties to have the new property in it.
+
+```text
+Files to update
+* propertiesSchema.json: add the new property and how it is defined
+* sampleProperties: add the new property with a default value
+* test/unit/adapterTestUnit.js (optional but best practice): add the property to the global properties
+* test/integration/adapterTestIntegration.js (optional but best practice): add the property to the global properties
+```
+
+#### Changing Adapter Authentication
+
+Often an adapter is built before knowing the authentication and authentication process can also change over time. The adapter supports many different kinds of authentication but it does require configuration. Some forms of authentication can be defined entirely with the adapter properties but others require configuration.
+
+```text
+Files to update
+* entities/<entity>/action.json: change the getToken action as needed
+* entities/<entity>/schemaTokenReq.json: add input parameters (external name is name in other system)
+* entities/<entity>/schemaTokenResp.json: add response parameters (external name is name in other system)
+* propertiesSchema.json: add any new property and how it is defined
+* sampleProperties: add any new property with a default value
+* test/unit/adapterTestUnit.js (optional but best practice): add the property to the global properties
+* test/integration/adapterTestIntegration.js (optional but best practice): add the property to the global properties
+```
+
+#### Enhancing Adapter Integration Tests
+
+The adapter integration tests are written to be able to test in either stub (standalone) mode or integrated to the other system. However, if integrating to the other system, you may need to provide better data than what the adapter provides by default as that data is likely to fail for create and update. To provide better data, edit the adapter integration test file. Make sure you do not remove the marker and keep custom code below the marker so you do not impact future migrations. Once the edits are complete, run the integration test as it instructs you to above. When you run integrated to the other system, you can also save mockdata for future use by changing the isSaveMockData flag to true.
+
+```text
+Files to update
+* test/integration/adapterTestIntegration.js: add better data for the create and update calls so that they will not fail.
+```
+
+As mentioned previously, for most of these changes as well as other possible changes, there is more information on how to work on an adapter in the Adapter Technical Resources on Dev Site [HERE](https://developer.itential.io/adapters-resources/)

package/PROPERTIES.md

@@ -0,0 +1,247 @@
+## Configuration
+
+This section defines **all** the properties that are available for the adapter, including detailed information on what each property is for. If you are not using certain capabilities with this adapter, you do not need to define all of the properties. An example of how the properties for this adapter can be used with tests or IAP are provided in the sampleProperties.
+
+```json
+  {
+    "id": "ALL ADAPTER PROPERTIES!!!",
+    "properties": {
+      "host": "system.access.resolved",
+      "port": 443,
+      "base_path": "/",
+      "version": "v1",
+      "cache_location": "local",
+      "encode_pathvars": true,
+      "save_metric": true,
+      "stub": false,
+      "protocol": "https",
+      "authentication": {
+        "auth_method": "basic user_password",
+        "username": "username",
+        "password": "password",
+        "token": "token",
+        "invalid_token_error": 401,
+        "token_timeout": 0,
+        "token_cache": "local",
+        "auth_field": "header.headers.X-AUTH-TOKEN",
+        "auth_field_format": "{token}",
+        "auth_logging": false,
+        "client_id": "",
+        "client_secret": "",
+        "grant_type": ""
+      },
+      "healthcheck": {
+        "type": "startup",
+        "frequency": 300000,
+        "query_object": {}
+      },
+      "request": {
+        "number_redirects": 0,
+        "number_retries": 3,
+        "limit_retry_error": [401],
+        "failover_codes": [404, 405],
+        "attempt_timeout": 5000,
+        "global_request": {
+          "payload": {},
+          "uriOptions": {},
+          "addlHeaders": {},
+          "authData": {}
+        },
+        "healthcheck_on_timeout": false,
+        "return_raw": false,
+        "archiving": false,
+        "return_request": false
+      },
+      "ssl": {
+        "ecdhCurve": "",
+        "enabled": false,
+        "accept_invalid_cert": false,
+        "ca_file": "",
+        "key_file": "",
+        "cert_file": "",
+        "secure_protocol": "",
+        "ciphers": ""
+      },
+      "throttle": {
+        "throttle_enabled": false,
+        "number_pronghorns": 1,
+        "sync_async": "sync",
+        "max_in_queue": 1000,
+        "concurrent_max": 1,
+        "expire_timeout": 0,
+        "avg_runtime": 200,
+        "priorities": []
+      },
+      "proxy": {
+        "enabled": false,
+        "host": "localhost",
+        "port": 9999,
+        "protocol": "http",
+        "username": "",
+        "password": "",
+      },
+      "mongo": {
+        "host": "",
+        "port": 0,
+        "database": "",
+        "username": "",
+        "password": "",
+        "replSet": "",
+        "db_ssl": {
+          "enabled": false,
+          "accept_invalid_cert": false,
+          "ca_file": "",
+          "key_file": "",
+          "cert_file": ""
+        }
+      }
+    },
+    "type": "YOUR ADAPTER CLASS"
+  }
+```
+
+### Connection Properties
+
+These base properties are used to connect to Meraki upon the adapter initially coming up. It is important to set these properties appropriately.
+
+| Property | Description |
+| ------- | ------- |
+| host | Required. A fully qualified domain name or IP address.|
+| port | Required. Used to connect to the server.|
+| base_path | Optional. Used to define part of a path that is consistent for all or most endpoints. It makes the URIs easier to use and maintain but can be overridden on individual calls. An example **base_path** might be `/rest/api`. Default is ``.|
+| version | Optional. Used to set a global version for action endpoints. This makes it faster to update the adapter when endpoints change. As with the base-path, version can be overridden on individual endpoints. Default is ``.|
+| cache\_location | Optional. Used to define where the adapter cache is located. The cache is used to maintain an entity list to improve performance. Storage locally is lost when the adapter is restarted. Storage in Redis is preserved upon adapter restart. Default is none which means no caching of the entity list.|
+| encode\_pathvars | Optional. Used to tell the adapter to encode path variables or not. The default behavior is to encode them so this property can b e used to stop that behavior.|
+| save\_metric | Optional. Used to tell the adapter to save metric information (this does not impact metrics returned on calls). This allows the adapter to gather metrics over time. Metric data can be stored in a database or on the file system.|
+| stub | Optional. Indicates whether the stub should run instead of making calls to Meraki (very useful during basic testing). Default is false (which means connect to Meraki).|
+| protocol | Optional. Notifies the adapter whether to use HTTP or HTTPS. Default is HTTP.|
+
+A connectivity check tells IAP the adapter has loaded successfully.
+
+### Authentication Properties
+
+The following properties are used to define the authentication process to Meraki.
+
+>**Note**: Depending on the method that is used to authenticate with Meraki, you may not need to set all of the authentication properties.
+
+| Property | Description |
+| ------- | ------- |
+| auth\_method | Required. Used to define the type of authentication currently supported. Authentication methods currently supported are: `basic user_password`, `static_token`, `request_token`, and `no_authentication`.|
+| username | Used to authenticate with Meraki on every request or when pulling a token that will be used in subsequent requests.|
+| password | Used to authenticate with Meraki on every request or when pulling a token that will be used in subsequent requests.|
+| token | Defines a static token that can be used on all requests. Only used with `static_token` as an authentication method (auth\_method).|
+| invalid\_token\_error | Defines the HTTP error that is received when the token is invalid. Notifies the adapter to pull a new token and retry the request. Default is 401.|
+| token\_timeout | Defines how long a token is valid. Measured in milliseconds. Once a dynamic token is no longer valid, the adapter has to pull a new token. If the token\_timeout is set to -1, the adapter will pull a token on every request to Meraki. If the timeout\_token is 0, the adapter will use the expiration from the token response to determine when the token is no longer valid.|
+| token\_cache | Used to determine where the token should be stored (local memory or in Redis).|
+| auth\_field | Defines the request field the authentication (e.g., token are basic auth credentials) needs to be placed in order for the calls to work.|
+| auth\_field\_format | Defines the format of the auth\_field. See examples below. Items enclosed in {} inform the adapter to perofrm an action prior to sending the data. It may be to replace the item with a value or it may be to encode the item. |
+| auth\_logging | Setting this true will add some additional logs but this should only be done when trying to debug an issue as certain credential information may be logged out when this is true. |
+| client\_id | Provide a client id when needed, this is common on some types of OAuth. |
+| client\_secret | Provide a client secret when needed, this is common on some types of OAuth. |
+| grant\_type | Provide a grant type when needed, this is common on some types of OAuth. |
+
+#### Examples of authentication field format
+
+```json
+"{token}"
+"Token {token}"
+"{username}:{password}"
+"Basic {b64}{username}:{password}{/b64}"
+```
+
+### Healthcheck Properties
+
+The healthcheck properties defines the API that runs the healthcheck to tell the adapter that it can reach Meraki. There are currently three types of healthchecks.
+
+- None - Not recommended. Adapter will not run a healthcheck. Consequently, unable to determine before making a request if the adapter can reach Meraki.
+- Startup - Adapter will check for connectivity when the adapter initially comes up, but it will not check afterwards.
+- Intermittent - Adapter will check connectivity to Meraki at a frequency defined in the `frequency` property.
+
+| Property | Description |
+| ------- | ------- |
+| type | Required. The type of health check to run. |
+| frequency | Required if intermittent. Defines how often the health check should run. Measured in milliseconds. Default is 300000.|
+| query_object | Query parameters to be added to the adapter healthcheck call.|
+
+### Request Properties
+
+The request section defines properties to help handle requests.
+
+| Property | Description |
+| ------- | ------- |
+| number\_redirects | Optional. Tells the adapter that the request may be redirected and gives it a maximum number of redirects to allow before returning an error. Default is 0 - no redirects.|
+| number\_retries | Tells the adapter how many times to retry a request that has either aborted or reached a limit error before giving up and returning an error.|
+| limit\_retry\_error | Optional. Can be either an integer or an array. Indicates the http error status number to define that no capacity was available and, after waiting a short interval, the adapter can retry the request. If an array is provvided, the array can contain integers or strings. Strings in the array are used to define ranges (e.g. "502-506"). Default is [0].|
+| failover\_codes | An array of error codes for which the adapter will send back a failover flag to IAP so that the Platform can attempt the action in another adapter.|
+| attempt\_timeout | Optional. Tells how long the adapter should wait before aborting the attempt. On abort, the adapter will do one of two things: 1) return the error; or 2) if **healthcheck\_on\_timeout** is set to true, it will abort the request and run a Healthcheck until it re-establishes connectivity to Meraki, and then will re-attempt the request that aborted. Default is 5000 milliseconds.|
+| global\_request | Optional. This is information that the adapter can include in all requests to the other system. This is easier to define and maintain than adding this information in either the code (adapter.js) or the action files.|
+| global\_request -> payload | Optional. Defines any information that should be included on all requests sent to the other system that have a payload/body.|
+| global\_request -> uriOptions | Optional. Defines any information that should be sent as untranslated  query options (e.g. page, size) on all requests to the other system.|
+| global\_request -> addlHeaders | Optioonal. Defines any headers that should be sent on all requests to the other system.|
+| global\_request -> authData | Optional. Defines any additional authentication data used to authentice with the other system. This authData needs to be consistent on every request.|
+| healthcheck\_on\_timeout | Required. Defines if the adapter should run a health check on timeout. If set to true, the adapter will abort the request and run a health check until it re-establishes connectivity and then it will re-attempt the request.|
+| return\_raw | Optional. Tells the adapter whether the raw response should be returned as well as the IAP response. This is helpful when running integration tests to save mock data. It does add overhead to the response object so it is not ideal from production.|
+| archiving | Optional flag. Default is false. It archives the request, the results and the various times (wait time, Meraki time and overall time) in the `adapterid_results` collection in MongoDB. Although archiving might be desirable, be sure to develop a strategy before enabling this capability. Consider how much to archive and what strategy to use for cleaning up the collection in the database so that it does not become too large, especially if the responses are large.|
+| return\_request | Optional flag. Default is false. Will return the actual request that is made including headers. This should only be used during debugging issues as there could be credentials in the actual request.|
+
+### SSL Properties
+
+The SSL section defines the properties utilized for ssl authentication with Meraki. SSL can work two different ways: set the `accept\_invalid\_certs` flag to true (only recommended for lab environments), or provide a `ca\_file`.
+
+| Property | Description |
+| ------- | ------- |
+| enabled | If SSL is required, set to true. |
+| accept\_invalid\_certs | Defines if the adapter should accept invalid certificates (only recommended for lab environments). Required if SSL is enabled. Default is false.|
+| ca\_file | Defines the path name to the CA file used for SSL. If SSL is enabled and the accept invalid certifications is false, then ca_file is required.|
+| key\_file | Defines the path name to the Key file used for SSL. The key_file may be needed for some systems but it is not required for SSL.|
+| cert\_file | Defines the path name to the Certificate file used for SSL. The cert_file may be needed for some systems but it is not required for SSL.|
+| secure\_protocol | Defines the protocol (e.g., SSLv3_method) to use on the SSL request.|
+| ciphers | Required if SSL enabled. Specifies a list of SSL ciphers to use.|
+| ecdhCurve | During testing on some Node 8 environments, you need to set `ecdhCurve` to auto. If you do not, you will receive PROTO errors when attempting the calls. This is the only usage of this property and to our knowledge it only impacts Node 8 and 9. |
+
+### Throttle Properties
+
+The throttle section is used when requests to Meraki must be queued (throttled). All of the properties in this section are optional.
+
+| Property | Description |
+| ------- | ------- |
+| throttle\_enabled | Default is false. Defines if the adapter should use throttling o rnot. |
+| number\_pronghorns | Default is 1. Defines if throttling is done in a single Itential instance or whether requests are being throttled across multiple Itential instances (minimum = 1, maximum = 20). Throttling in a single Itential instance uses an in-memory queue so there is less overhead. Throttling across multiple Itential instances requires placing the request and queue information into a shared resource (e.g. database) so that each instance can determine what is running and what is next to run. Throttling across multiple instances requires additional I/O overhead.|
+| sync-async | This property is not used at the current time (it is for future expansion of the throttling engine).|
+| max\_in\_queue | Represents the maximum number of requests the adapter should allow into the queue before rejecting requests (minimum = 1, maximum = 5000). This is not a limit on what the adapter can handle but more about timely responses to requests. The default is currently 1000.|
+| concurrent\_max | Defines the number of requests the adapter can send to Meraki at one time (minimum = 1, maximum = 1000). The default is 1 meaning each request must be sent to Meraki in a serial manner. |
+| expire\_timeout | Default is 0. Defines a graceful timeout of the request session. After a request has completed, the adapter will wait additional time prior to sending the next request. Measured in milliseconds (minimum = 0, maximum = 60000).|
+| average\_runtime | Represents the approximate average of how long it takes Meraki to handle each request. Measured in milliseconds (minimum = 50, maximum = 60000). Default is 200. This metric has performance implications. If the runtime number is set too low, it puts extra burden on the CPU and memory as the requests will continually try to run. If the runtime number is set too high, requests may wait longer than they need to before running. The number does not need to be exact but your throttling strategy depends heavily on this number being within reason. If averages range from 50 to 250 milliseconds you might pick an average run-time somewhere in the middle so that when Meraki performance is exceptional you might run a little slower than you might like, but when it is poor you still run efficiently.|
+| priorities | An array of priorities and how to handle them in relation to the throttle queue. Array of objects that include priority value and percent of queue to put the item ex { value: 1, percent: 10 }|
+
+### Proxy Properties
+
+The proxy section defines the properties to utilize when Meraki is behind a proxy server.
+
+| Property | Description |
+| ------- | ------- |
+| enabled | Required. Default is false. If Meraki is behind a proxy server, set enabled flag to true. |
+| host | Host information for the proxy server. Required if `enabled` is true.|
+| port | Port information for the proxy server. Required if `enabled` is true.|
+| protocol | The protocol (i.e., http, https, etc.) used to connect to the proxy. Default is http.|
+| username | If there is authentication for the proxy, provide the username here.|
+| password | If there is authentication for the proxy, provide the password here.|
+
+### Mongo Properties
+
+The mongo section defines the properties used to connect to a Mongo database. Mongo can be used for throttling as well as to persist metric data. If not provided, metrics will be stored in the file system.
+
+| Property | Description |
+| ------- | ------- |
+| host | Optional. Host information for the mongo server.|
+| port | Optional. Port information for the mongo server.|
+| database | Optional. The database for the adapter to use for its data.|
+| username | Optional. If credentials are required to access mongo, this is the user to login as.|
+| password | Optional. If credentials are required to access mongo, this is the password to login with.|
+| replSet | Optional. If the database is set up to use replica sets, define it here so it can be added to the database connection.|
+| db\_ssl | Optional. Contains information for SSL connectivity to the database.|
+| db\_ssl -> enabled | If SSL is required, set to true.|
+| db\_ssl -> accept_invalid_cert | Defines if the adapter should accept invalid certificates (only recommended for lab environments). Required if SSL is enabled. Default is false.|
+| db\_ssl -> ca_file | Defines the path name to the CA file used for SSL. If SSL is enabled and the accept invalid certifications is false, then ca_file is required.|
+| db\_ssl -> key_file | Defines the path name to the Key file used for SSL. The key_file may be needed for some systems but it is not required for SSL.|
+| db\_ssl -> cert_file | Defines the path name to the Certificate file used for SSL. The cert_file may be needed for some systems but it is not required for SSL.|