Please note you may need to download additional software to use the 'keytool' and 'openSSL' commands.
1. Run this command in the console/command prompt:
keytool -import -alias mysqlcert -file /home/peter/Desktop/croptrak_mysql.pem -keystore truststore
Enter a password for the truststore thats being created.
Type "yes" to trust the certificate.
This will create a file called truststore in the current directory.
2. Run this command in the console:
openssl x509 -outform DER -in /home/peter/Desktop/croptrak_mysql.pem -out client.cert keytool -import -file client.cert -keystore keystore -alias mysqlclientcert
Enter a password for the keystore thats being created.
Again, type "yes" to trust the certificate.
This will create a file called keystore in the current directory.
You may also need to import the keystore into the JVM cacerts, the default password will be "changeit"
keytool -keystore ..\lib\security\cacerts -import -alias your.ssl.server.name -file .\relative-path-to-cert-file\client.cert
3. Now, add the following to your catalina.bat / catalina.sh file, or your service settings if you are using a windows service.
Not the full path to the keystore and truststore files. The passwords are the passwords that you typed in during the truststore/keystore creation process.
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStore=/applications/apache-tomcat-5.5.32/keystore" JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStorePassword=password" JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/applications/apache-tomcat-5.5.32/truststore" JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=password"
This is typically done in the same section where the JVM max memory is.
Restart Yellowfin.
4. Login to Yellowfin and create a new data source using the Generic JDBC Data Source. Adjust the connection string to use SSL. In MySQL databases this looks like:
Use the JDBC URL: jdbc:mysql://:/?useSSL=true&requireSSL=true