How to import certificates for monitoring MariaDB/MySQL DB Server with SSL authentication?

How to import certificates for monitoring MariaDB/MySQL DB Server with SSL authentication?

To monitor the MariaDB/MySQL, the respective MariaDB or MySQL driver must be utilized. In Applications Manager, the required driver can be selected in the Monitor Add/Edit page.

MariaDB Driver connection

If the monitor was added using MariaDB for connection purposes, then the certificate should imported to the following path:
AppManager UI --> Settings --> Manage Certificates --> Trust Certificates --> Keystore/Truststore --> Select cacerts
Applications Manager restart is required for the changes to take effect. 

MySQL DB Driver connection

The MySQL DB Server connection supports Two-way SSL.
Solution 1:
  1. Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.
  2. Combine the public certificate with its private-key into a pkcs12 format file.
    Syntax: openssl pkcs12 -export -inkey "your_private_key.key/.pem" -in "certificate.pem" -name alias-name -out output_filename.p12
    Enter Export password: (Check default password from AppManager UI--> Admin --> Manage Certificates --> List certificates --> view password)
    Example:
    openssl pkcs12 -export -inkey "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-key.pem" -in "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-cert.pem" -name ca -out ca.p12
  3. Import the pkcs12 file to apm.keystore by using keytool command as follows:
    Syntax: keytool -v -importkeystore -srckeystore [PATHTOCERTIFICATE] -srcstoretype PKCS12 -destkeystore AppManager_Home\working\Cert\apm.keystore -deststoretype JKS
    Enter destination keystore password: (Check default password from AppManager UI--> Admin --> Manage Certificates --> List certificates --> view password)
    Enter source keystore password: (Use the same password given while creating)
    Example:
    keytool -v -importkeystore -srckeystore E:\certs\ca-keystore.p12 -srcstoretype PKCS12 -destkeystore E:\New folder\apm.keystore -deststoretype JKS
  4. Restart Applications Manager to verify SSL connectivity while using MySQL monitor.
You need to replace AppManager_Home with the actual directory path where Applications Manager is installed.
The certificate password and keystore password must match.

Solution 2:
  1. Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.
  2. Combine the public certificate with its private-key into a pkcs12 format file.
    Syntax: openssl pkcs12 -export -inkey "your_private_key.key/.pem" -in "certificate.pem" -name alias-name -out output_filename.p12
    Enter Export password: (Check default password from AppManager UI--> Admin --> Manage Certificates --> List certificates --> view password)
    Example:
    openssl pkcs12 -export -inkey "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-key.pem" -in "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-cert.pem" -name ca -out ca.p12
  3. Rename the newly generated .p12 files to .pfx format.
    Example:
    ca.p12 --> rename as --> ca.pfx
  4. Go to AppManager UI --> Admin -->  Manage Certificates --> Trust certificates
    1. Select keystore/Truststore under Import From.
    2. Select Oracle(apm.keystore) under Choose monitor type.
    3. Choose the desired file. (Note: File should be in .pfx format)
    4. Enter the file password then press Fetch certificate.
    5. It will list the certificates within the keystore file. Select the required certificate and press Import certificate.
  5. You can check if the certificate imported properly or not in  AppManager UI--> Admin --> Manage Certificates --> List certificates.

                  New to ADSelfService Plus?