** Note: These instruction only apply to Tibco-Scribe Online On-Premise Agents. Cloud Agents do not support the steps below. 

SSL Connections

MySQL uses the PEM format for certificates and private keys, but .NET does not support this format natively. To work around the issue convert your certificates to PFX aka PKCS#12 format using openssl . The complete instructions can be found in the MySQL documentation:  Tutorial: Configuring SSL with Connector/Net.

After conversion copy the certificate to the TIBCO Scribe® Online Agent manually.

Note: If you plan to create multiple MySQL Connections via SSL to the same database using the same TIBCO Scribe® Online Agent, then it is better to choose a store-based certificate to avoid printing and entering the file path and password multiple times.
 

SSL Mode

SSLMode connection string parameter can have the following values:

• None – do not use SSL
• Preferred – (default value) use SSL if the server supports it, but allow connection in all cases
• Required – Always use SSL. Deny connection if server does not support SSL
• VerifyCA – Always use SSL. Validate the CA but tolerate name mismatch
• VerifyFull – Always use SSL. Fail if the host name is not correct

 

Establish SSL Connection Using File-based Certificate

For this configuration, copy the certificate in PFX format to the TIBCO Scribe® Online Agent and specify the following parameters in the Additional Parameters field on the TIBCO Scribe® Online Oracle MySQL Connection dialog:

• SSLMode
  • Preferred or Required
• CertificateFile – path to certificate on the server where the TIBCO Scribe® Online Agent is hosted
• CertificatePassword – password for SSL certificate

Examples:

• SSLMode=Prefered;CertificateFile=C:\cert.pfx;CertificatePassword=foo
• SSLMode=Required;CertificateFile=C:\cert.pfx;CertificatePassword=foo

 

Establish SSL Connection Using Store-based Certificate

For this configuration, install the certificate in PFX format in the Certificate Store of the TIBCO Scribe® Online Agent account. Typically it is the Local System account.

To install certificate to in the Certificate Store, double-click the certificate and follow the Certificate Import Wizard instructions. To use the Local System Store choose Local Machine.



To determine the user account used by the TIBCO Scribe® Online Agent, open the Windows Services application and locate the Scribe Online Agent service.  Look in the Log On As column to see the account used by the TIBCO Scribe® Online Agent.





Specify the following parameters in the Additional Parameters field on the TIBCO Scribe Online Oracle MySQL Connection dialog:
 

• SSLMode
  • Preferred, Required, or VerifiedCA
• CertificateStoreLocation – enables you to access a certificate held in a personal Certificate Store, rather than use a certificate file and password combination
  • If the TIBCO Scribe® Online Agent is using the Local System account then use LocalMachine as the value of the CertificateSToreLocation parameter.
• CertificateThumbprint – optional parameter which specifies a certificate thumbprint to ensure correct identification of a certificate contained within a certificate store.
  • Value should not include whitespaces

Example:

SSLMode=Preferred;CertificateStoreLocation=LocalMachine;




 

Steps for configuring SSL Certificate for the TIBCO Scribe® Online Connector for Oracle MySQL.