Configure SSL for Data Source connections

Please note you may need to download additional software to use the 'keytool' and 'openSSL' commands.

1. Run this command in the console/command prompt:

keytool -import -alias mysqlcert -file /home/peter/Desktop/croptrak_mysql.pem -keystore truststore

Enter a password for the truststore thats being created.
Type "yes" to trust the certificate.
This will create a file called truststore in the current directory.

2. Run this command in the console:

openssl x509 -outform DER -in /home/peter/Desktop/croptrak_mysql.pem -out client.cert

keytool -import -file client.cert -keystore keystore -alias mysqlclientcert

Enter a password for the keystore thats being created.
Again, type "yes" to trust the certificate.
This will create a file called keystore in the current directory.

You may also need to import the keystore into the JVM cacerts, the default password will be "changeit"

keytool -keystore ..\lib\security\cacerts -import -alias -file .\relative-path-to-cert-file\client.cert 

3. Now, add the following to your catalina.bat / file, or your service settings if you are using a windows service.
Not the full path to the keystore and truststore files. The passwords are the passwords that you typed in during the truststore/keystore creation process.


This is typically done in the same section where the JVM max memory is.

Restart Yellowfin.

4. Login to Yellowfin and create a new data source using the Generic JDBC Data Source. Adjust the connection string to use SSL. In MySQL databases this looks like:

Use the JDBC URL: jdbc:mysql://:/?useSSL=true&requireSSL=true

Is this article helpful?
0 0 0