Configure SSL for Data Source connections

Please note you may need to download additional software to use the 'keytool' and 'openSSL' commands.

1. Run this command in the console/command prompt:

keytool -import -alias mysqlcert -file /home/peter/Desktop/croptrak_mysql.pem -keystore truststore

Enter a password for the truststore thats being created.
Type "yes" to trust the certificate.
This will create a file called truststore in the current directory.


2. Run this command in the console:

openssl x509 -outform DER -in /home/peter/Desktop/croptrak_mysql.pem -out client.cert

keytool -import -file client.cert -keystore keystore -alias mysqlclientcert

Enter a password for the keystore thats being created.
Again, type "yes" to trust the certificate.
This will create a file called keystore in the current directory.

You may also need to import the keystore into the JVM cacerts, the default password will be "changeit"

keytool -keystore ..\lib\security\cacerts -import -alias your.ssl.server.name -file .\relative-path-to-cert-file\client.cert 

3. Now, add the following to your catalina.bat / catalina.sh file, or your service settings if you are using a windows service.
Not the full path to the keystore and truststore files. The passwords are the passwords that you typed in during the truststore/keystore creation process.

JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStore=/applications/apache-tomcat-5.5.32/keystore"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStorePassword=password"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/applications/apache-tomcat-5.5.32/truststore"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=password"

This is typically done in the same section where the JVM max memory is.

Restart Yellowfin.

4. Login to Yellowfin and create a new data source using the Generic JDBC Data Source. Adjust the connection string to use SSL. In MySQL databases this looks like:


Use the JDBC URL: jdbc:mysql://:/?useSSL=true&requireSSL=true

Is article helpful?