Connection to MySQL with SSL (.pem + .key) - mysql

I’m trying to connect to an KNIME with a MySQL Database with SSL certificate (.pem) and a private key.
Unfortunately I can’t find a way to include both files (.pem + .key) in a node or in the properties.
Can anyone help me or has experience with such a connection?
Thank you.

Comprehensive answer is given on KNIME forum here: https://forum.knime.com/t/connection-to-mysql-with-ssl-pem-key/17755
first you need to import the certificate and the private key into the Java keystore so that they can be used by the Java SSL library. For more details on this see the Setting up Client Authentication section of the MySQL documentation.
Once this is done you need to tell KNIME to use the truststore. You can do this either by appending the following two lines to the end of your knime.ini file which is located in the KNIME installation folder:
-Djavax.net.ssl.keyStore= path_to_keystore_file
-Djavax.net.ssl.keyStorePassword= mypassword
or you can specify them as JDBC Parameters in the connector node. In KNIME 4.0 you open the node dialog of the MySQL Connector node and go to the JDBC Parameters tab. In the tab add the following two parameters with the appropriate file path:
clientCertificateKeyStoreUrl=file:path_to_truststore_file
clientCertificateKeyStorePassword= mypassword
Instead of writing the password in plain text into the node dialog you can also use the Credentials Configuration node and connect it to the MySQL Connector node.
Once they are connected you can select the Credentials - password Type in the Type column of the table and then selecting the name of the credential in the Value column.

Related

Rundeck 3.3.6 Community - Move from H2 Db to MySql 8.0

My Ansible/Rundeck host is an Ubuntu 20.04 LTS system. I installed Ansible to tinker and then installed Rundeck. Once I was able to get the two talking and working properly (in my mind), I thought it would be best to move Rundeck to a production level DB engine instead of H2. I installed MySQL on the same host and setup the DB and the DB user as directed in the Rundeck docs. I then modified the RD properties file as the same document instructs but I keep getting a failure to connect to the database.
First it was this error:
WARN internal.JdbcEnvironmentInitiator - HHH000341: Could not obtain connection metadata : Could not connect to address=(host=10.10.140.23)(port=3306)(type=master) : Socket fail to connect to host:10.10.140.23, port:3306. Connection refused (Connection refused)
So then I researched the issue and it suggested to validate the user account in MySQL, grants, access, etc. - It all works from a command line testing in MySQL.
I read in one of my searches that some people had luck with removing the useSSL=false or setting it to true. That led to my next error of:
WARN internal.JdbcEnvironmentInitiator - HHH000341: Could not obtain connection metadata : Could not connect to address=(host=localhost)(port=3306)(type=master) : RSA public key is not available client side (option serverRsaPublicKeyFile)
During my research on this error, I read that I needed to add a property to allow the retrieval of the RSA keys, and I did but it didn't change a thing.
I then downloaded the Oracle MySQL jdbc driver and placed it in the var/lib/rundeck/lib folder and changed the driver class name in the properties file and then I received my next error of
WARN internal.JdbcEnvironmentInitiator - HHH000341: Could not obtain connection metadata : Could not connect to address=(host=127.0.0.1)(port=3306)(type=master) : (conn=355) Access denied for user 'sa'#'localhost' (using password: YES)
Current charset is UTF-8. If password has been set using other charset, consider using option 'passwordCharacterEncoding'
when I attempted to run Rundeck.
At this point I am back on H2 and I am too much of a Linux novice to understand what the issue may be. Can anyone kindly point me in a direction that helps as the Rundeck docks for using a MySQL DB seem to either be old or missing some content as a lot of the searches I have made on trying to resolve the issue directs me to perform things slight differently or all new commands that the Rundeck docs don't even mention.
I've fixed same issue stopping the Rundeck instance, later adding the following config on the rundeck-config.properties file (at /etc/rundeck path, check this):
# works with allowPublicKeyRetrieval=true
dataSource.url = jdbc:mysql://mysql_server_ip/rundeck?autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true
dataSource.username=rundeckuser
dataSource.password=your_password
dataSource.driverClassName=com.mysql.cj.jdbc.Driver
# to store projects on backend
rundeck.projectsStorageType=db
Next, flushing the connections on the database side with mysqladmin flush-hosts -u root -p.
Now, starting your Rundeck service, you can check that is using MySQL 8 as a data source for your projects.
EDIT: On the MySQL side, make sure that you've created the user properly, I followed these steps:
CREATE DATABASE rundeck;
CREATE USER 'rundeckuser'#'%' IDENTIFIED BY 'P4ssw0rd';
GRANT ALL PRIVILEGES ON rundeck.* TO 'rundeckuser'#'%';
exit;
Also check how MySQL 8 is storing the user's passwords.

Where can I find MySQL Path/URL for NetBeans?

I'm trying to do school JAVA EE project and I have to connect schema made in mysql from MYSql.
part of code is (for SQL select) :
String dbURL = "";
String user = "root";
String password = "root";
and i apperently have no URL somehow
Any ideas on that? I'm new to SQL and JAVA EE so i face lots of problems :/
First of all you need a running mysql instance. There are 2 possibilities :
(1) You need the domain :
local instance / domain : localhost
Remote instance / domain or IP
(2) You need the port of the mysql server instance
Default is 3306
(3) The name of the database you want to connect to.
Lets say you need to connect to the database test
Now in order to connect to the database you will need to generate the connection url. In our case since (I assume) you want to write java, the url is in jdbc format
jdbc:mysql://localhost:3306/test
In order to connect netbeans to a mysql Database you will need to follow the next steps :
Locate the service tab on the project tab and right click on the Databases.
Select the Mysql Driver and click next. (If the driver misses just download the file from the suggested portal it will be a jar).
Finally fill the appropriate information on the next frame
If you need parameters to your jdbc URL you can do so like :
jdbc:mysql://localhost:3306/test?param1=value1
You can find more detailed information on the Netbeans website : https://netbeans.org/kb/docs/ide/mysql.html

Using SSL with command-line Flywaydb ( flyway ) to deploy DB changes

I'm working on a proof of concept to deploy using flyway's command-line tool from a centralized server to deploy to multiple database platforms. (MySQL, Postgres, and SQL Server)
I'm able to deploy successfully without SSL, however it is using unencrypted host information such as logins/passwords/ports to the destination Database Server. My concern is there's a chance the un-encrypted traffic could be seen.
Does anyone have experience with the flyway command line tool using SSL to deploy to:
MySQL
SQL Server
I did not see any information in the documentation unless I missed it.
Thanks for any help and suggestions!
In the flyway examples in flyway.conf it shows how to add additional values to the jdbc url for example
# MySQL : jdbc:mysql://<host>:<port>/<database>?<key1>=<value1>&<key2>=<value2>...
# PostgreSQL : jdbc:postgresql://<host>:<port>/<database>?<key1>=<value1>&<key2>=<value2>...
# Redshift : jdbc:postgresql://<host>:<port>/<database>?<key1>=<value1>&<key2>=<value2>...
So for Redshift/Postgres for example you can include the ssl=true flag
flyway.url=jdbc:postgresql://yourserver:5439/dbname?ssl=true
You need to add the public key that the DB server key was signed with to your hosts trust store (for Redshift see http://docs.aws.amazon.com/redshift/latest/mgmt/connecting-ssl-support.html for details on that), e.g
${JAVA_HOME}/bin/keytool -keystore ${JAVA_HOME}/lib/security/cacerts -import -alias <alias> -file <certificate_filename>
I then had to hack the flyway startup script /flyway to include the truststore and password in the JAVA_ARGS (it probably should have these as variables) e.g
JAVA_ARGS="-Djava.security.egd=file:/dev/../dev/urandom -Djavax.net.ssl.trustStore=/etc/pki/java/cacerts -Djavax.net.ssl.trustStorePassword=changeit"
For MySQL I used the following URL to connect using SSL.
jdbc:mysql://hostname:3306/wpastudy?useSSL=true
Note the useSSL=true parameter.

CloverETL mySQL Database SSL secure connection & Parameters

I am trying to make the connection to a remote mysql database in CloverETL Designer (Community Version)
Documentation with examples on this subject seem fragmented so I have tried to piece the bits together but I'm not use if they are correct. I would be grateful for any suggestions or further clarification on this subject.
Here is what I have so far:
The SSL Certificate
As an alternative VPN connection the server guys passed me the raw CA certificate, which I saved as a .crt file in the conn folder of the CloverETL workspace.
CloverETL Connections
I created a new DB connection and tested it was working without SSL
In the graph window I created a simple graph
Switching to Source View I added the parameter attribute to the connection code like this:
<Connection database="MYSQL" dbURL="jdbc:mysql://hostname/database_name" id="JDBC0" jdbcSpecific="MYSQL" name="CPM" parameters="ssl=${WORKSPACE}/conn/mysql_cpm_cert.crt" password="password" type="JDBC" user="username"/>
Then I tested the connection to the database by creating new metadata from a DB table
The problem is that I don't know if the connect is now secure or not.
Here's the list of resources that I used to piece together the information:
components:bulkloaders:mysql_data_writer [CloverETL wiki]
MySQL :: MySQL 5.0 Reference Manual :: 6.3.6.3 SSL Command Options
Thanks
CPM
Your setup almost certainly does not use ssl. Both links you posted are not usable - first describes bulk loader and second connection via command line client. But what you need is to configure JDBC. So I would use http://dev.mysql.com/doc/refman/5.0/en/connector-j-reference-configuration-properties.html section "Security."
I would set:
useSSL=true
requireSSL=true
You will do that by adding items in table (Custom JDBC properties) on second tab (Advanced) of Connection Wizard. In source it should appear like "jdbc.useSSL=true jdbc.requireSSL=true" not "parameters=".
Then connection should fail, because in your default java key store is missing your certificate. It can be imported via http://docs.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html section "Importing Certificates"
I hope this helps.

How to set up a ColdFusion MySQL datasource over SSL?

Is there a way to set up a ColdFusion data source to connect to a MySQL server over a secure connection using SSL?
I don't see any obvious option to enable a SSL connection on the data source in CF administrator.
The only option I can think of is to use the "connection string" field.
This is for a current configuration that is set up. We have other options, but I am curious as to if this is possible. Thanks.
You would need to use the "other" option in the Drivers dropdown and build your own connection string. Here's an article I found on SSL for MySQL through JDBC drivers: http://www.razorsql.com/articles/mysql_ssl_jdbc.html
UPDATE: Here is another article with information on connecting via SSL and updating the keystore with certificate data. There is also some good content in the comments of the page: http://dev.mysql.com/doc/refman/5.0/en/connector-j-reference-using-ssl.html