MySQL Client SSL Connection - not working

Hi,

I want to access a MySQL DB over SSL from my workbench. I looked in the KNIME Forum and found some hints, but still no access via SSL. Therefore I ask for help!

Having a CA.PEM, Client-Cert.PEM, Client-key.PEM file. (the access still works from the mysql workbench with that)

Producing a truststore for the CA and a keystore for the Client-Certificate.
First produced a p12 file with openssl.

openssl pkcs12 -export -in C:\Users\...\client-key.pem -name "mysqlclient" -passout pass:xxxx -out client-keystore.p12

Then copied CA in truststore with keytool. Did the same with the P12 file into the keystore file.

keytool -importcert -alias MySQLCACert -file C:\Users.…\ca.pem -keystore truststore -storepass xxxx

keytool -importkeystore -srckeystore client-keystore.p12 -srcstoretype pkcs12 -srcstorepass jofujofu3701 -destkeystore keystore -deststoretype JKS -deststorepass xxxx

Configured the mySQL Database Connector with the JDBC Parameter

JDBC-mySQL

Got an Error: Invalid keyfile format???
Asking for help - is there an easier way to access the remote DB with SSL?

Regards
Josef
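
The keystore step from the post above, as an added example that is not part of the original thread: it builds the PKCS#12 file from both the client certificate and the client key, then checks the result before it is imported with keytool or handed to the JDBC driver. The PKI is constructed throwaway test data; the file names, the `changeit` password and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example. The PKI below is constructed throwaway test data; file names
# and the password "changeit" are assumptions, not values from the thread.
set -eu
PASS=changeit

# Constructed CA plus a client key/certificate signed by it.
make_test_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test CA" \
        -keyout "$1/ca-key.pem" -out "$1/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mysqlclient" \
        -keyout "$1/client-key.pem" -out "$1/client.csr" 2>/dev/null
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.pem" -CAkey "$1/ca-key.pem" \
        -CAcreateserial -days 1 -out "$1/client-cert.pem" 2>/dev/null
}

# True when the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Bundle certificate and key: -in takes the certificate, -inkey the private key.
build_p12() {
    openssl pkcs12 -export -in "$1" -inkey "$2" -name mysqlclient \
        -passout "pass:$PASS" -out "$3"
}

# Number of certificates stored in the PKCS#12 file.
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$PASS" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE' || true
}

# True when the PKCS#12 file also carries a private key.
p12_has_key() {
    openssl pkcs12 -in "$1" -passin "pass:$PASS" -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_test_pki "$work"
key_matches_cert "$work/client-cert.pem" "$work/client-key.pem"
build_p12 "$work/client-cert.pem" "$work/client-key.pem" "$work/client-keystore.p12"
p12_has_key "$work/client-keystore.p12"
echo "client-keystore.p12 holds $(p12_cert_count "$work/client-keystore.p12") certificate and its key"
```

Running the two check functions against the real client files before the keytool import shows whether the bundle actually contains a matching key and certificate.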

Hello Josef,

When using the KNIME protocol type, you have two different ways the path to the file is represented to the driver: either as a path or as a URL. The different names are shown via the tooltip of the type icon.


Did you try both? Maybe the driver only supports path or URL as input. If you still have the problem, please post the complete error message (stack trace) from the KNIME log.

By the way, if you trust that the database server is the one you want to connect to but still want to use an SSL connection, you can also bypass the certificate validation. To do so, use only the following JDBC parameters:

  • verifyServerCertificate=false
  • useSSL=true

Bye
Tobias


Hi Tobias,

Thanks a lot for your hints and advice!
I chose another way - stunnels with local port. Easy access to all the resources.
So it is working for me now - it's just a dev situation, so it's OK.

Regards
Josef
