How to import certificates for monitoring MariaDB/MySQL DB Server with SSL authentication?
To monitor the MariaDB/MySQL, the respective MariaDB or MySQL driver must be utilized. In Applications Manager, the required driver can be selected in the Monitor Add/Edit page.
MariaDB Driver connection
If the monitor was added using MariaDB for connection purposes, then the certificate should imported to the following path:
AppManager UI --> Settings --> Manage Certificates --> Trust Certificates --> Keystore/Truststore --> Select cacerts
Applications Manager restart is required for the changes to take effect.
MySQL DB Driver connection
The MySQL DB Server connection supports Two-way SSL.
Solution 1:
- Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.
- Combine the public certificate with its private-key into a pkcs12 format file.
Syntax: openssl pkcs12 -export -inkey "your_private_key.key/.pem" -in "certificate.pem" -name alias-name -out output_filename.p12
Enter Export password: (Check default password from AppManager UI--> Admin --> Manage Certificates --> List certificates --> view password)
Example:
openssl pkcs12 -export -inkey "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-key.pem" -in "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-cert.pem" -name ca -out ca.p12 - Import the pkcs12 file to apm.keystore by using keytool command as follows:
Syntax: keytool -v -importkeystore -srckeystore [PATHTOCERTIFICATE] -srcstoretype PKCS12 -destkeystore AppManager_Home\working\Cert\apm.keystore -deststoretype JKS
Enter destination keystore password: (Check default password from AppManager UI--> Admin --> Manage Certificates --> List certificates --> view password)
Enter source keystore password: (Use the same password given while creating)
Example:
keytool -v -importkeystore -srckeystore E:\certs\ca-keystore.p12 -srcstoretype PKCS12 -destkeystore E:\New folder\apm.keystore -deststoretype JKS - Restart Applications Manager to verify SSL connectivity while using MySQL monitor.
You need to replace AppManager_Home with the actual directory path where Applications Manager is installed.
The certificate password and keystore password must match.
Solution 2:
- Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.
- Combine the public certificate with its private-key into a pkcs12 format file.
Syntax: openssl pkcs12 -export -inkey "your_private_key.key/.pem" -in "certificate.pem" -name alias-name -out output_filename.p12
Enter Export password: (Check default password from AppManager UI--> Admin --> Manage Certificates --> List certificates --> view password)
Example:
openssl pkcs12 -export -inkey "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-key.pem" -in "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-cert.pem" -name ca -out ca.p12 - Rename the newly generated .p12 files to .pfx format.
Example:
ca.p12 --> rename as --> ca.pfx - Go to AppManager UI --> Admin --> Manage Certificates --> Trust certificates
- Select keystore/Truststore under Import From.
- Select Oracle(apm.keystore) under Choose monitor type.
- Choose the desired file. (Note: File should be in .pfx format)
- Enter the file password then press Fetch certificate.
- It will list the certificates within the keystore file. Select the required certificate and press Import certificate.
- You can check if the certificate imported properly or not in AppManager UI--> Admin --> Manage Certificates --> List certificates.
New to ADSelfService Plus?
Related Articles
How to import certificates for monitoring DB2 Server with SSL authentication?
By default, if you want to use self-signed certificates for SSL connection then the certificate generated by the DB2 server will be db2server.arm. But our AppManager doesn't support arm files. So it has to be renamed as the db2server.cer and then ...How to import certificates for monitoring Postgres Server with SSL authentication?
Error Message: The connection attempt failed! Reason: This error occurs when you are trying to add an SSL enabled server but the certificates which are used for SSL connection are not present in the cacerts. Solution: To import certificates, ...How to import certificates for monitoring Oracle database with SSL authentication?
For users using Applications Manager version 14250 and below: One-way SSL: (Client authentication disabled) 1. Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory. 2. Import your ...How to import certificates for monitoring Websphere Application Server with SSL authentication?
For users using Applications Manager version 14250 and below: Client certificate in .cer format 1. Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory. 2. Import your trusted CA ...Troubleshooting SSL Handshake Error
SSL Handshake Error SSL Handshake error occurs when a secure connection cannot be established to the URL added for monitoring. Common reasons for it are wrong SSL protocol version, incompatible ciphers, and invalid/missing client-side certificate. ...