Connecting To MySQL Using SSL

Article ID: KB0075930

Product: TIBCO Cloud Integration - Connect (Scribe)
Version: 1.3

Description

** Note: These instructions apply only to TIBCO Scribe® Online On-Premise Agents. Cloud Agents do not support the steps below.

SSL Connections


MySQL uses the PEM format for certificates and private keys, but .NET does not support this format natively. To work around this, convert your certificates to PFX (PKCS#12) format using openssl. The complete instructions can be found in the MySQL documentation: Tutorial: Configuring SSL with Connector/Net.

After conversion, copy the certificate to the TIBCO Scribe® Online Agent manually.

Note: If you plan to create multiple MySQL Connections via SSL to the same database using the same TIBCO Scribe® Online Agent, it is better to choose a store-based certificate, which avoids entering the file path and password multiple times.
 

SSL Mode


The SSLMode connection string parameter can have the following values:
  • None – do not use SSL
  • Preferred – (default value) use SSL if the server supports it, but allow connection in all cases
  • Required – Always use SSL. Deny connection if server does not support SSL
  • VerifyCA – Always use SSL. Validate the CA but tolerate name mismatch
  • VerifyFull – Always use SSL. Fail if the host name is not correct

 

Establish SSL Connection Using File-based Certificate


For this configuration, copy the certificate in PFX format to the TIBCO Scribe® Online Agent and specify the following parameters in the Additional Parameters field on the TIBCO Scribe® Online Oracle MySQL Connection dialog:
  • SSLMode
    • Preferred or Required
  • CertificateFile – path to certificate on the server where the TIBCO Scribe® Online Agent is hosted
  • CertificatePassword – password for SSL certificate

Examples:
  • SSLMode=Preferred;CertificateFile=C:\cert.pfx;CertificatePassword=foo
  • SSLMode=Required;CertificateFile=C:\cert.pfx;CertificatePassword=foo
 

Establish SSL Connection Using Store-based Certificate


For this configuration, install the certificate in PFX format in the Certificate Store of the TIBCO Scribe® Online Agent account. Typically it is the Local System account.

To install the certificate in the Certificate Store, double-click the certificate and follow the Certificate Import Wizard instructions. To use the Local System store, choose Local Machine.

To determine the user account used by the TIBCO Scribe® Online Agent, open the Windows Services application and locate the Scribe Online Agent service. Look in the Log On As column to see the account used by the TIBCO Scribe® Online Agent.

Specify the following parameters in the Additional Parameters field on the TIBCO Scribe Online Oracle MySQL Connection dialog:
 
  • SSLMode
    • Preferred, Required, or VerifyCA
  • CertificateStoreLocation – enables you to access a certificate held in a personal Certificate Store, rather than use a certificate file and password combination
    • If the TIBCO Scribe® Online Agent is using the Local System account, use LocalMachine as the value of the CertificateStoreLocation parameter.
  • CertificateThumbprint – optional parameter which specifies a certificate thumbprint to ensure correct identification of a certificate contained within a certificate store.
    • The value should not include whitespace.
      For example, the thumbprint a9 09 50 2d d8 2a e4 14 33 e6 f8 38 86 b0 0d 42 77 a3 2a 7b should be specified as a909502dd82ae41433e6f83886b00d4277a32a7b


Example:

SSLMode=Preferred;CertificateStoreLocation=LocalMachine;
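
The following PowerShell is an added example, not part of the original article or of TIBCO's tooling: it normalizes a thumbprint copied from the certificate dialog, confirms the certificate is in the Personal store with its private key and is not expired, and prints the Additional Parameters string. The function names and the default of Required (chosen because Preferred allows the connection in all cases) are assumptions of this example; the sample thumbprint is the one shown above.

```powershell
# Added example. Function names are hypothetical; run on the machine that hosts the Agent.
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Remove spaces and any other non-hex characters picked up while copying the value.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToLowerInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex characters for the thumbprint, got $($clean.Length)."
    }
    return $clean
}

function Get-MySqlSslParameters {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [ValidateSet('LocalMachine', 'CurrentUser')]
        [string]$StoreLocation = 'LocalMachine',
        # Values the article lists for store-based certificates; Required is this example's default.
        [ValidateSet('Preferred', 'Required', 'VerifyCA')]
        [string]$SslMode = 'Required'
    )
    $clean = ConvertTo-CleanThumbprint -Thumbprint $Thumbprint

    # The Personal store is named "My" on the Cert: drive.
    # CurrentUser resolves to the account running this script, which may differ from the Agent's.
    $cert = Get-ChildItem -Path "Cert:\$StoreLocation\My" |
        Where-Object { $_.Thumbprint -eq $clean }   # -eq ignores case for strings

    if (-not $cert) {
        throw "No certificate with thumbprint $clean in Cert:\$StoreLocation\My."
    }
    if (-not $cert.HasPrivateKey) {
        throw "Certificate was imported without its private key; re-import the PFX."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate expired on $($cert.NotAfter)."
    }
    "SSLMode=$SslMode;CertificateStoreLocation=$StoreLocation;CertificateThumbprint=$clean;"
}

# Sample input: the thumbprint from the article, as displayed with spaces.
$raw = 'a9 09 50 2d d8 2a e4 14 33 e6 f8 38 86 b0 0d 42 77 a3 2a 7b'
try {
    Get-MySqlSslParameters -Thumbprint $raw
} catch {
    # Reached when the sample certificate is not installed on this machine.
    Write-Warning $_.Exception.Message
}
```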




 

Issue/Introduction

Steps for configuring SSL Certificate for the TIBCO Scribe® Online Connector for Oracle MySQL.