How to import certificates for monitoring MariaDB/MySQL DB Server with SSL authentication?
For MariaDB Server
- Go to AppManager UI --> Settings --> Manage Certificates --> Trust Certificates --> Keystore/Truststore --> Select cacerts
- Restart Applications Manager to verify SSL connectivity while using the MariaDB monitor.
For MySQL DB Server
The MySQL DB Server supports Two-way SSL.
Solution 1:
- Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.
- Combine the public certificate with its private-key into a pkcs12 format file.
Syntax: openssl pkcs12 -export -inkey "your_private_key.key/.pem" -in "certificate.pem" -name alias-name -out output_filename.p12
Enter Export password: (Check default password from AppManager UI --> Admin --> Manage Certificates --> List certificates --> view password)
Example:
openssl pkcs12 -export -inkey "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-key.pem" -in "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-cert.pem" -name ca -out ca.p12 - Import the pkcs12 file to apm.keystore by using keytool command as follows:
Syntax: keytool -v -importkeystore -srckeystore [PATHTOCERTIFICATE] -srcstoretype PKCS12 -destkeystore AppManager_Home\working\Cert\apm.keystore -deststoretype JKS
Enter destination keystore password: (Check default password from AppManager UI --> Admin --> Manage Certificates --> List certificates --> view password)
Enter source keystore password: (Use the same password given while creating)
Example:
keytool -v -importkeystore -srckeystore E:\certs\ca-keystore.p12 -srcstoretype PKCS12 -destkeystore E:\New folder\apm.keystore -deststoretype JKS - Restart Applications Manager to verify SSL connectivity while using MySQL monitor.
You need to replace AppManager_Home with the actual directory path where AppManager is installed.
Certificate password and keystore password should match.
Solution 2:
- Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.
- Combine the public certificate with its private-key into a pkcs12 format file.
Syntax: openssl pkcs12 -export -inkey "your_private_key.key/.pem" -in "certificate.pem" -name alias-name -out output_filename.p12
Enter Export password: (Check default password from AppManager UI --> Admin --> Manage Certificates --> List certificates --> view password)
Example:
openssl pkcs12 -export -inkey "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-key.pem" -in "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-cert.pem" -name ca -out ca.p12 - Rename the newly generated .p12 files to .pfx format.
Example:
ca.p12 --> rename as --> ca.pfx - Go to AppManager UI --> Admin --> Manage Certificates --> Trust certificates
- Select keystore/Truststore under Import From.
- Select Oracle(apm.keystore) under Choose monitor type.
- Choose the desired file. (Note: File should be in .pfx format)
- Enter the file password then press Fetch certificate.
- It will list the certificates within the keystore file. Select the required certificate and press Import certificate.
- You can check if the certificate imported properly or not in AppManager UI --> Admin --> Manage Certificates --> List certificates.
New to ADSelfService Plus?
Related Articles
How to import certificates for monitoring DB2 Server with SSL authentication?
By default, if you want to use self-signed certificates for SSL connection then the certificate generated by the DB2 server will be db2server.arm. But our AppManager doesn't support arm files. So it has to be renamed as the db2server.cer and then ...How to import certificates for monitoring Postgres Server with SSL authentication?
Error Message: The connection attempt failed! Reason: This error occurs when you are trying to add an SSL enabled server but the certificates which are used for SSL connection are not present in the cacerts. Solution: To import certificates, ...How to import certificates for monitoring Oracle database with SSL authentication?
For users using Applications Manager version 14250 and below: One-way SSL: (Client authentication disabled) 1. Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory. 2. Import your ...Resolving Issues When Onboarding SSL-Enabled MySQL Database Servers
Error Message: Connections using insecure transport are prohibited while --require_secure_transport=ON Solution: To overcome this issue follow the steps given below: Execute the following query in the corresponding MySQL shell script: ALTER USER ...Troubleshooting SSL Handshake Error
An SSL Handshake error typically occurs when a secure connection cannot be established due to issues like incompatible SSL protocol versions, ciphers or missing client certificates. Verify URL Accessibility Ensure that the URL you’re monitoring is ...