How to import certificates for monitoring MySQL DB Server with SSL authentication?

How to import certificates for monitoring MySQL DB Server with SSL authentication?

MySQL DB Server supports Two-way SSL:
Solution 1:
  1. Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.
  2. Combine the public certificate with its private-key into a pkcs12 format file.
    Syntax: openssl pkcs12 -export -inkey "your_private_key.key/.pem" -in "certificate.pem" -name alias-name -out output_filename.p12
    Enter Export password: (Check default password from AppManager UI--> Admin --> Manage Certificates --> List certificates --> view password)
    Example:
    openssl pkcs12 -export -inkey "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-key.pem" -in "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-cert.pem" -name ca -out ca.p12
  3. Import the pkcs12 file to apm.keystore by using keytool command as follows:
    Syntax: keytool -v -importkeystore -srckeystore [PATHTOCERTIFICATE] -srcstoretype PKCS12 -destkeystore AppManager_Home\working\Cert\apm.keystore -deststoretype JKS
    Enter destination keystore password: (Check default password from AppManager UI--> Admin --> Manage Certificates --> List certificates --> view password)
    Enter source keystore password: (Use the same password given while creating)
    Example:
    keytool -v -importkeystore -srckeystore E:\certs\ca-keystore.p12 -srcstoretype PKCS12 -destkeystore E:\New folder\apm.keystore -deststoretype JKS
  4. Restart Applications Manager to verify SSL connectivity while using MySQL monitor.

You need to replace AppManager_Home with the actual directory path where AppManager is installed.
Certificate password and keystore password should match.

Solution 2:
  1. Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.
  2. Combine the public certificate with its private-key into a pkcs12 format file.
    Syntax: openssl pkcs12 -export -inkey "your_private_key.key/.pem" -in "certificate.pem" -name alias-name -out output_filename.p12
    Enter Export password: (Check default password from AppManager UI--> Admin --> Manage Certificates --> List certificates --> view password)
    Example:
    openssl pkcs12 -export -inkey "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-key.pem" -in "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-cert.pem" -name ca -out ca.p12
  3. Rename the newly generated .p12 files to .pfx format.
    Example:
    ca.p12 --> rename as --> ca.pfx
  4. Go to AppManager UI --> Admin -->  Manage Certificates --> Trust certificates
    1. Select keystore/Truststore under Import From.
    2. Select Oracle(apm.keystore) under Choose monitor type.
    3. Choose the desired file. (Note: File should be in .pfx format)
    4. Enter the file password then press Fetch certificate.
    5. It will list the certificates within the keystore file. Select the required certificate and press Import certificate.
  5. You can check if the certificate imported properly or not in  AppManager UI--> Admin --> Manage Certificates --> List certificates.