Menu
I want to configure Wildfly 14 to use encrypted JDBC connection. I tried this:
MariaDB:
mysql -u root -p
CREATE USER 'wildfly' IDENTIFIED BY 'qwerty';
CREATE DATABASE production_gateway;
GRANT ALL PRIVILEGES ON production_gateway.* TO 'wildfly'@'%' REQUIRE SSL;
FLUSH PRIVILEGES;
Create certificate:
mkdir -p /etc/mysql/ssl
cd /etc/mysql/ssl
sudo openssl genrsa 4096 > ca-key.pem
sudo openssl req -new -x509 -nodes -days 36500 -key ca-key.pem -out cacert.pem
sudo openssl req -newkey rsa:4096 -days 36500 -nodes -keyout server-key.pem -out server-req.pem
sudo openssl rsa -in server-key.pem -out server-key.pem
sudo openssl x509 -req -in server-req.pem -days 36500 -CA cacert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
sudo openssl req -newkey rsa:2048 -days 36500 -nodes -keyout client-key.pem -out client-req.pem
sudo openssl rsa -in client-key.pem -out client-key.pem
sudo openssl x509 -req -in client-req.pem -days 36500 -CA cacert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
openssl verify -CAfile cacert.pem server-cert.pem client-cert.pem
Add certificate in MariDB under my.cnf
ssl-ca=/etc/mysql/ssl/cacert.pem
ssl-cert=/etc/mysql/ssl/server-cert.pem
ssl-key=/etc/mysql/ssl/server-key.pem
systemctl restart mysql
Import certificate in Java keystone:
cd /usr/lib/jvm/java-11-openjdk-amd64/lib/security/
openssl x509 -outform der -in /etc/mysql/ssl/client-cert.pem -out certificate.der
keytool -import -alias client -keystore /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts -file certificate.der -srcstorepass changeit
Export keystone configuration:
export JAVA_OPTS="-Djavax.net.ssl.keyStore=/usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts -Djavax.net.ssl.keyStorePassword=changeit"
When I use this connection link:
jdbc:mariadb://localhost:3306/production_gateway - it's working
But when I use: jdbc:mariadb://localhost:3306/production_gateway?useSSL=true&requireSSL=true
I get:
17:40:30,454 WARN [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (External Management Request Threads -- 1) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: IJ031084: Unable to create connection
17:40:30,472 ERROR [org.jboss.as.controller.management-operation] (External Management Request Threads -- 1) WFLYCTL0013: Operation ("test-connection-in-pool") failed - address: ([
("subsystem" => "datasources"),
("data-source" => "MariaDB")
]) - failure description: "WFLYJCA0040: failed to invoke operation: WFLYJCA0047: Connection is not valid"
Can you advice how I can fix this issue?
I use JDBC driver mariadb-java-client-2.3.0.jar
548
Enabling SSL for MySQL/MariaDB Log in again to verify that MySQL/MariaDB is running using SSL. Once in, run the following query: SHOW VARIABLES LIKE '%ssl%'; You should see that have_ssl is YES , and locations for all the critical files should be listed.
Yes, MySQL's Connector/J is compatible with MariaDB.
MariaDB Connector/J is used to connect applications developed in Java to MariaDB and MySQL databases using the standard JDBC API. The library is LGPL licensed. Date. Release. Status.
As per my knowledge,you just need to provide requireSSL field to true.
Try with below line :
jdbc:mariadb://localhost:3306/production_gateway?requireSSL=true
Let us know whether it's working or not.
For more clarification you can check this answer .
172
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
