How to import certificates for monitoring MariaDB/MySQL DB Server with SSL authentication?
To monitor MariaDB/MySQL, the respective MariaDB or MySQL driver must be used. In Applications Manager, the required driver can be selected on the Monitor Add/Edit page.
MariaDB Driver connection
If the monitor was added using the MariaDB driver for the connection, the certificate should be imported at the following path:
AppManager UI --> Settings --> Manage Certificates --> Trust Certificates --> Keystore/Truststore --> Select cacerts
Applications Manager restart is required for the changes to take effect.
MySQL DB Driver connection
The MySQL DB Server connection supports Two-way SSL.
Solution 1:
- Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.
- Combine the public certificate with its private-key into a pkcs12 format file.
Syntax: openssl pkcs12 -export -inkey "your_private_key.key/.pem" -in "certificate.pem" -name alias-name -out output_filename.p12
Enter Export password: (Check default password from AppManager UI--> Admin --> Manage Certificates --> List certificates --> view password)
Example:
openssl pkcs12 -export -inkey "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-key.pem" -in "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-cert.pem" -name ca -out ca.p12
- Import the pkcs12 file into apm.keystore by using the keytool command as follows:
Syntax: keytool -v -importkeystore -srckeystore [PATHTOCERTIFICATE] -srcstoretype PKCS12 -destkeystore AppManager_Home\working\Cert\apm.keystore -deststoretype JKS
Enter destination keystore password: (Check default password from AppManager UI--> Admin --> Manage Certificates --> List certificates --> view password)
Enter source keystore password: (Use the same password given while creating)
Example:
keytool -v -importkeystore -srckeystore E:\certs\ca-keystore.p12 -srcstoretype PKCS12 -destkeystore "E:\New folder\apm.keystore" -deststoretype JKS
- Restart Applications Manager to verify SSL connectivity while using MySQL monitor.
You need to replace AppManager_Home with the actual directory path where Applications Manager is installed.
The certificate password and keystore password must match.
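The following PowerShell checks are an added example, not part of the original article or of Applications Manager itself: they confirm that the private key matches the certificate, that the .p12 opens with the keystore password, and that the imported alias holds a private key. The file paths and alias are taken from the example commands above; the environment variable name APM_STORE_PASS is an assumption, and AppManager_Home must be replaced with the installation directory.

```powershell
# Added example: checks around the Solution 1 steps. Paths and alias follow the
# article's example commands; APM_STORE_PASS is an assumed variable name.
$Key      = 'C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-key.pem'   # -inkey
$Cert     = 'C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-cert.pem'  # -in
$P12      = 'ca.p12'                                                  # -out
$Alias    = 'ca'                                                      # -name
$Keystore = 'AppManager_Home\working\Cert\apm.keystore'  # replace AppManager_Home

# Read the shared password once without echoing it. openssl and keytool then
# read it from the environment instead of the command line.
$secure = Read-Host -Prompt 'Keystore/export password' -AsSecureString
$env:APM_STORE_PASS = [System.Net.NetworkCredential]::new('', $secure).Password

try {
    # 1. Before the export: the private key must belong to the certificate,
    #    so both files must yield the same public key.
    $fromKey  = (& openssl pkey -in $Key -pubout) -join "`n"
    $fromCert = (& openssl x509 -in $Cert -noout -pubkey) -join "`n"
    if (-not $fromKey -or $fromKey -ne $fromCert) {
        throw "Private key '$Key' does not match certificate '$Cert'."
    }

    # 2. After the export: the .p12 must open with the password that
    #    apm.keystore uses (the two passwords must match).
    & openssl pkcs12 -in $P12 -noout -passin 'env:APM_STORE_PASS'
    if ($LASTEXITCODE -ne 0) { throw "Cannot open '$P12' with this password." }

    # 3. After keytool -importkeystore: the alias must exist in apm.keystore
    #    and carry the private key, not only a trusted certificate.
    $listing = & keytool -list -v -keystore $Keystore -alias $Alias '-storepass:env' APM_STORE_PASS
    if ($LASTEXITCODE -ne 0) { throw "Alias '$Alias' not found in '$Keystore'." }
    # "PrivateKeyEntry" is the label keytool prints in an English locale.
    if (-not ($listing -match 'PrivateKeyEntry')) {
        throw "Alias '$Alias' holds a certificate only, no private key."
    }
    'All checks passed.'
}
finally {
    # Do not leave the password behind in the session environment.
    Remove-Item Env:\APM_STORE_PASS -ErrorAction SilentlyContinue
}
```

Run checks 1 and 2 before the import and check 3 after it; each failure stops the script with the step that needs to be repeated.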
Solution 2:
- Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.
- Combine the public certificate with its private-key into a pkcs12 format file.
Syntax: openssl pkcs12 -export -inkey "your_private_key.key/.pem" -in "certificate.pem" -name alias-name -out output_filename.p12
Enter Export password: (Check default password from AppManager UI--> Admin --> Manage Certificates --> List certificates --> view password)
Example:
openssl pkcs12 -export -inkey "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-key.pem" -in "C:\ProgramData\MySQL\MySQL Server 5.7\cert\ca-cert.pem" -name ca -out ca.p12
- Rename the newly generated .p12 files to .pfx format.
Example:
ca.p12 --> rename as --> ca.pfx
- Go to AppManager UI --> Admin --> Manage Certificates --> Trust certificates
- Select keystore/Truststore under Import From.
- Select Oracle(apm.keystore) under Choose monitor type.
- Choose the desired file. (Note: File should be in .pfx format)
- Enter the file password then press Fetch certificate.
- It will list the certificates within the keystore file. Select the required certificate and press Import certificate.
- You can check whether the certificate was imported properly in AppManager UI --> Admin --> Manage Certificates --> List certificates.