2 Replies Latest reply on Jan 4, 2017 9:30 AM by shashank123hr

    Steps to connect to an AWS RDS MySQL server from WildFly 10 through SSL/TLS

    shashank123hr

      Can someone please guide me through the steps to establish an SSL/TLS connection to a MySQL server from a WildFly 10 datasource? The documentation does not even describe how to set up the properties for SSL. Any help is greatly appreciated. Thanks in advance.

        • 1. Re: Steps to connect to an AWS RDS MySQL server from WildFly 10 through SSL/TLS
          mayerw01

          The MySQL 5.7 Reference Manual as well as the MySQL Connector/J 5.1 Developer Guide provide the details.

          Chap 7.4 (Using Secure Connections) of the ref manual and chap 5.5 (Connecting Securely Using SSL) of the connector guide explain the steps.

           

          But you should:

          1. make sure that MySQL is built with support for secure connections (OpenSSL or yaSSL)
          2. make sure that SSL is enabled (--ssl option in MySQL)
          3. the certificates are generated (mysql_ssl_rsa_setup)
          4. import the MySQL server CA Certificate into a Java truststore or create a truststore in the current directory, and import the server's CA certificate
          5. either import the client certificate that matches the CA certificate you just imported, or create a new client certificate.
          6. set the system properties.

           

          For setting up the datasource in WildFly you may set the properties in the connection URL like:

           

          jdbc:mysql://${hostname}:3306/test?autoReconnect=true&useSSL=true&verifyServerCertificate=true&trustCertificateKeyStoreUrl=file:///${pathToYourTruststore}/truststore&trustCertificateKeyStorePassword=${yourPassword}&clientCertificateKeyStoreUrl=file:///${pathToYourKeystore}/keystore&clientCertificateKeyStorePassword=${yourPassword}&requireSSL=true

          1 of 1 people found this helpful
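A check of the Connector/J properties used in the connection URL above, as an added example that is not part of the original thread. It is written in Python; the function names, the "must be explicitly true" policy and the sample host, paths and passwords are assumptions made for illustration. It also produces the XML-escaped form of the URL, since a literal `&` is not valid inside an XML file such as standalone.xml.

```python
from urllib.parse import parse_qsl
from xml.sax.saxutils import escape

# Assumed policy: each flag must be set explicitly to "true", as in the URL above.
MUST_BE_TRUE = {
    "useSSL": "TLS is not requested",
    "requireSSL": "a server without SSL support is not rejected",
    "verifyServerCertificate": "the server certificate is not validated",
}

def audit_jdbc_url(url):
    """Return findings for a jdbc:mysql:// URL; an empty list means it passes."""
    if not url.startswith("jdbc:mysql://"):
        return ["not a jdbc:mysql:// URL"]
    pairs = parse_qsl(url.partition("?")[2], keep_blank_values=True)
    props = dict(pairs)
    findings = []
    if len(props) != len(pairs):
        findings.append("a property is given more than once")
    for name, risk in MUST_BE_TRUE.items():
        if props.get(name, "").lower() != "true":
            findings.append(f"{name} is not 'true': {risk}")
    for store in ("trustCertificateKeyStore", "clientCertificateKeyStore"):
        if props.get(store + "Password") and not props.get(store + "Url"):
            findings.append(f"{store}Password is set but {store}Url is missing")
    if not props.get("trustCertificateKeyStoreUrl"):
        findings.append("no trustCertificateKeyStoreUrl: the JVM default "
                        "truststore is used and must contain the server CA")
    return findings

def for_standalone_xml(url):
    """XML-escape the URL ('&' becomes '&amp;') for a <connection-url> element."""
    return escape(url)

# Constructed sample values (host, paths and passwords are placeholders).
GOOD = ("jdbc:mysql://mydb.example.com:3306/test?autoReconnect=true&useSSL=true"
        "&verifyServerCertificate=true"
        "&trustCertificateKeyStoreUrl=file:///opt/certs/truststore"
        "&trustCertificateKeyStorePassword=changeit"
        "&clientCertificateKeyStoreUrl=file:///opt/certs/keystore"
        "&clientCertificateKeyStorePassword=changeit&requireSSL=true")
WEAK = "jdbc:mysql://mydb.example.com:3306/test?useSSL=true&verifyServerCertificate=false"

if __name__ == "__main__":
    for label, url in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit_jdbc_url(url) or "ok")
    print(for_standalone_xml(GOOD))
```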
          • 2. Re: Steps to connect to an AWS RDS MySQL server from WildFly 10 through SSL/TLS
            shashank123hr

            Hi Wolfgang

             

            Thanks for the help. The above implementation worked for me and saved a lot of time.

             

            Thanks again

            Shashank