I am able to establish RDS/MySQL SSL connection via MySQLWorkbench by specifying the certificate file path but unable to do that via 'SQL Workbench/j' because I couldn't find any option to give the certificate path.
SSL connection feature by specifying certificate path is not available in "SQL Workbench/j". You can make use of another good GUI tool 'Toad for MySQL' which provides this feature and a descent tool which I'm using from last 7 years.
Related
I need to set up my connection with PowerBI to Azure Database for MySQL flexible server. I can't seem to find any reliable documentation to do this.
Initially I'm getting this error when I try to connect to the server.
Get Data > More > Select MySQL Database
Input the Server name and Database name > Hit OK
Error: Connections using insecure transport are prohibited while
--require_secure_transport=ON.
Then I downloaded the SSL certificate from our Azure portal then successfully imported in the certmgr.msc under the Trusted Root Certification Authorities
But the same issue persists. Please take note that in this same machine I was able to connect to that server using phpmyadmin. In DbBeaver as well by simply installing the SSL as a CA Certificate. What can I try next?
when you import the certificate you get asked to install it for current user or local machine. Have you tried importing it on local machine rather than current user. I have it on local machine and able to connect to the Azure database for mysql server. let me know if it works.
Thanks
Sunitha
Able to fix my issue by installing the latest mySQL connector and importing a public SSL Certificate.
my machine previously has a MySQL Connector Net 7.0.2 then I downloaded the latest 8.0.32 from this page: https://dev.mysql.com/downloads/connector/net/
thanks to this reference: https://learn.microsoft.com/en-us/azure/mysql/flexible-server/connect-with-powerbi-desktop
-- Background:
I am using asp.net mvc project with 3.1 .net core.
I have azure setup for hosting it in app service.
For Database, I have mysql database server set up on Azure (version 5.7).
-- Problem:
I am using basic connection string when connecting to mysql database. But it is not working for hosted application.
When I connect the azure hosted database server locally using WorkBench, and run the program (locally), it 'works'. (WorkBench connection has Ssl = required and SSL cert File attached.)
But when I publish the same code with same connectionString, it is not working.
IS IT BCZ OF:
I am using 5.7 azure mysql database server?
(To update the version, do I need to create new mysql server on azure and pay $20? Because Mycrosoft documentation says there is 'Upgrade' option on overview. But there is not. Or might for higher subscription. Any suggestions?)
If the reason is I am missing mentioning ssl certi on hosted platform, how can I add it? Do I need to get storage to store that certificate? How can I mention that path in connectionString?
Any other reason for this problem?
I checked YouTube, Microsoft documents, And Google but didn't find solution.
UPDATE:
Libraries used:
MySql.EntityFrameworkCore 3.1.X
Microsoft.EntityFrameworkCore 3.1.X
MySql-Connector-Net 8.0.X
Connection String used: "Server=.mysql.database.azure.com;Port=3306;Database=;Uid=;Pwd=;"
Solution:
It was unable to connect because of incomplete networking.
I had to allow other azure services to connect that server.
Thanks for your comments.
I have a MySLQ running on a CentOS server with SSL enabled and it require SSL in order to connect to the databases. I created the certificates and keys using OpenSSL, getting this files:
ca.pem
ca-key.pem
client-cert-pem
client-key-pem
server-cert.pem
server-key.pem
Setup MySQL with this:
ssl-ca=/etc/certs/ca.pem
ssl-cert=/etc/certs/server-cert.pem
ssl-key=/etc/certs/server-key.pem
bind-address=*
require_secure_transport=ON
I created a user that require X509 on the MySLQ by using:
CREATE USER 'user'#'%' IDENTIFIED BY '<password>' REQUIRE X509;
Testing with the MySQL client console and MySQL Workbench providing the client certs and it works fine. Also works on a Java App that writes/reads the databases by importing certifitates to the keytores/trustores.
However, I cannot set up Power Bi Desktop version to connect to the MySQL server. I imported the certificates to the Trusted Root Autenticathion Authorities and a PKCS12 keystore and trustore (used also by the Java App). This image shows the certificate. It is in Spanish, but it says it has also the key and it is verified by the ca.pem.
This is according to the documentation, but the documentation about this is very old and very limited. Some of the process and/or tools are out of date.
This are the sources I could find:
https://github.com/Microsoft/PowerBI-visuals/blob/master/tools/CreateCertificate.md#generate-certificate-manually
https://github.com/Microsoft/PowerBI-visuals/blob/master/tools/CertificateAddWindows.md
https://powerbi.microsoft.com/es-es/blog/ssl-security-error-with-data-source/
However there is not much more info about how to properly connect (or I cannot find it).
The message I get on Power Bi is "We were unable to authenticate you with the credentials provided. Try again."
I must add that disabling SSL allows me to connect to the databases using Power Bi, without any issue, it is the SSL what doesn't work as I don't know how to properly provide the certificates and I cannot find anything that decribes the process.
I have my MySQL instance configured to use TLS. I have verified this by intentionally using untrusted certificates and watching the clients fail to connect (with an appropriate error message) and then restarting the MySQL service with trusted certificates configured and having the clients connect successfully.
I wanted to do a final check using openssl's s_client but I can't get it to work. When I execute the command below, I get an error saying "SSL23_GET_SERVER_Hello:unknown protocol" followed by "no peer certificate available" followed by some more text. However, when I use the same command against a TLS-enabled Tomcat instance and against the Remote Desktop port, I am able to establish the connection and view the server's certificate. What am I doing wrong? Does MySQL do some extra pre-negotiation before the TLS handshake starts?
openssl s_client -showcerts -connect host:port
While MySQL may use TLS, it isn't the total outside layer. There is a small amount of preamble that occurs before TLS starts. The openssl command line isn't aware of this.
Use the mysql client with its TLS options to test the client certificate.
I marked the response from #danblack correct as he did answer the question. However, I want to provide more information in case it helps anyone else. The
small amount of preamble that occurs before TLS starts
that he refers to can be found on GitHub here.
I have a web app in azure, of the MySQL in app type, it is a server with an instance of MySQL but the problem is that I can only manage the DB with PHPMyAdmin and I prefer to use the shell, so my question would be where can I verify the host, the user and the password that I must use to access from a console remotely?
According to this original App Service announcement for in-app MySql in 2016:
MySQL database cannot be accessed remotely. You can only access your
database content using PHPMyadmin or using MySQL utilities in KUDU
debug console.
And also
The database is protected by our sandbox environment and hence cannot
be accessed remotely through MySQL workbench or MySQL command line
tools (running on remote machine).
It would appear that this limitation is still in place.
For anyone who stumbled on this, to access the DB using PHP, use
https://name-of-your-site.scm.azurewebsites.net/phpmyadmin/index.php
Took me a while to find it,
You should get all these information looking in your Azure Portal, the "SQL Databases".
In the Overview menu, you'll get a Connection strings link with all the information you need.
Edit: and then you will be able to use this Connection Strings inside your application.