Note: These instructions apply only to Tibco-Scribe Online On-Premise Agents. Cloud Agents do not support the steps below.
SSL Connections
MySQL uses the PEM format for certificates and private keys, but .NET does not support this format natively. To work around the issue, convert your certificates to PFX (also known as PKCS#12) format using openssl. The complete instructions can be found in the MySQL documentation:
Tutorial: Configuring SSL with Connector/Net.
After conversion, copy the certificate to the TIBCO Scribe® Online Agent manually.
Note: If you plan to create multiple MySQL Connections via SSL to the same database using the same TIBCO Scribe® Online Agent, then it is better to choose a store-based certificate to avoid printing and entering the file path and password multiple times.
SSL Mode
The SSLMode connection string parameter can have the following values:
- None – do not use SSL
- Preferred – (default value) use SSL if the server supports it, but allow connection in all cases
- Required – Always use SSL. Deny connection if the server does not support SSL
- VerifyCA – Always use SSL. Validate the CA but tolerate name mismatch
- VerifyFull – Always use SSL. Fail if the host name is not correct
Establish SSL Connection Using File-based Certificate
For this configuration, copy the certificate in PFX format to the TIBCO Scribe® Online Agent and specify the following parameters in the Additional Parameters field on the TIBCO Scribe® Online Oracle MySQL Connection dialog:
- SSLMode
- CertificateFile – path to certificate on the server where the TIBCO Scribe® Online Agent is hosted
- CertificatePassword – password for SSL certificate
Examples:
- SSLMode=Preferred;CertificateFile=C:\cert.pfx;CertificatePassword=foo
- SSLMode=Required;CertificateFile=C:\cert.pfx;CertificatePassword=foo
Establish SSL Connection Using Store-based Certificate
For this configuration, install the certificate in PFX format in the Certificate Store of the TIBCO Scribe® Online Agent account. Typically it is the Local System account.
To install the certificate in the Certificate Store, double-click the certificate and follow the Certificate Import Wizard instructions. To use the Local System Store, choose Local Machine.
To determine the user account used by the TIBCO Scribe® Online Agent, open the Windows Services application and locate the Scribe Online Agent service. Look in the Log On As column to see the account used by the TIBCO Scribe® Online Agent.
Specify the following parameters in the Additional Parameters field on the TIBCO Scribe Online Oracle MySQL Connection dialog:
- SSLMode
  - Preferred, Required, or VerifyCA
- CertificateStoreLocation – enables you to access a certificate held in a personal Certificate Store, rather than use a certificate file and password combination
  - If the TIBCO Scribe® Online Agent is using the Local System account, then use LocalMachine as the value of the CertificateStoreLocation parameter.
- CertificateThumbprint – optional parameter which specifies a certificate thumbprint to ensure correct identification of a certificate contained within a certificate store.
  - The value should not include whitespace.
    For example, the thumbprint a9 09 50 2d d8 2a e4 14 33 e6 f8 38 86 b0 0d 42 77 a3 2a 7b should be specified as a909502dd82ae41433e6f83886b00d4277a32a7b
Example:
SSLMode=Preferred;CertificateStoreLocation=LocalMachine;
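The following check for an Additional Parameters string is an added example, not part of the original instructions or of any TIBCO or MySQL tooling. It flags a misspelled SSLMode, a mode that still allows a connection without SSL, and a thumbprint that contains whitespace. The function names, the case-insensitive comparison, the 40-hex-digit thumbprint length and the warning about mixing file-based and store-based settings are assumptions of this example.

```python
import re

# SSLMode values listed on this page (compared case-insensitively: an assumption).
SSL_MODES = {"none", "preferred", "required", "verifyca", "verifyfull"}
# Modes that, per this page, still allow a connection when the server lacks SSL.
NO_TLS_GUARANTEE = {"none", "preferred"}

def parse_params(text):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys."""
    params = {}
    for part in text.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"missing '=' in {part!r}")
        params[key.strip().lower()] = value.strip()
    return params

def normalize_thumbprint(raw):
    """Remove whitespace and require 40 hex digits (assumed SHA-1 thumbprint)."""
    compact = re.sub(r"\s+", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", compact):
        raise ValueError(f"not a 40-hex-digit thumbprint: {raw!r}")
    return compact

def lint(text):
    """Return a list of findings for an Additional Parameters string."""
    p = parse_params(text)
    findings = []
    mode = p.get("sslmode", "Preferred")  # Preferred is the documented default
    if mode.lower() not in SSL_MODES:
        findings.append(f"unknown SSLMode {mode!r}")
    elif mode.lower() in NO_TLS_GUARANTEE:
        findings.append(f"SSLMode={mode} does not guarantee an encrypted connection")
    if "certificatefile" in p and "certificatestorelocation" in p:
        findings.append("both file-based and store-based certificate settings given")
    tp = p.get("certificatethumbprint")
    if tp is not None:
        try:
            if normalize_thumbprint(tp) != tp.lower():
                findings.append("CertificateThumbprint contains whitespace")
        except ValueError as exc:
            findings.append(str(exc))
    return findings

if __name__ == "__main__":
    # Constructed sample input: a misspelled mode with a file-based certificate.
    print(lint(r"SSLMode=Prefered;CertificateFile=C:\cert.pfx;CertificatePassword=foo"))
```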