Configure Wildfly to use SSL connection for MariaDB

Question

I want to configure Wildfly 14 to use encrypted JDBC connection. I tried this:

MariaDB:

mysql -u root -p
CREATE USER 'wildfly' IDENTIFIED BY 'qwerty';
CREATE DATABASE production_gateway;
GRANT ALL PRIVILEGES ON production_gateway.* TO 'wildfly'@'%' REQUIRE SSL;
FLUSH PRIVILEGES;

Create certificate:

mkdir -p /etc/mysql/ssl
cd /etc/mysql/ssl

sudo openssl genrsa 4096 > ca-key.pem
sudo openssl req -new -x509 -nodes -days 36500 -key ca-key.pem -out cacert.pem
sudo openssl req -newkey rsa:4096 -days 36500 -nodes -keyout server-key.pem -out server-req.pem
sudo openssl rsa -in server-key.pem -out server-key.pem
sudo openssl x509 -req -in server-req.pem -days 36500 -CA cacert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

sudo openssl req -newkey rsa:2048 -days 36500 -nodes -keyout client-key.pem -out client-req.pem
sudo openssl rsa -in client-key.pem -out client-key.pem
sudo openssl x509 -req -in client-req.pem -days 36500 -CA cacert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
openssl verify -CAfile cacert.pem server-cert.pem client-cert.pem

Add certificate in MariDB under my.cnf

ssl-ca=/etc/mysql/ssl/cacert.pem
ssl-cert=/etc/mysql/ssl/server-cert.pem
ssl-key=/etc/mysql/ssl/server-key.pem

systemctl restart mysql

Import certificate in Java keystone:

cd /usr/lib/jvm/java-11-openjdk-amd64/lib/security/

openssl x509 -outform der -in /etc/mysql/ssl/client-cert.pem -out certificate.der

keytool -import -alias client -keystore /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts -file certificate.der -srcstorepass changeit

Export keystone configuration:

export JAVA_OPTS="-Djavax.net.ssl.keyStore=/usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts -Djavax.net.ssl.keyStorePassword=changeit"

When I use this connection link:

jdbc:mariadb://localhost:3306/production_gateway - it's working

But when I use: jdbc:mariadb://localhost:3306/production_gateway?useSSL=true&requireSSL=true

I get:

17:40:30,454 WARN  [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (External Management Request Threads -- 1) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: IJ031084: Unable to create connection
17:40:30,472 ERROR [org.jboss.as.controller.management-operation] (External Management Request Threads -- 1) WFLYCTL0013: Operation ("test-connection-in-pool") failed - address: ([
    ("subsystem" => "datasources"),
    ("data-source" => "MariaDB")
]) - failure description: "WFLYJCA0040: failed to invoke operation: WFLYJCA0047: Connection is not valid"

Can you advice how I can fix this issue? I use JDBC driver mariadb-java-client-2.3.0.jar

Answer 1

As per my knowledge,you just need to provide requireSSL field to true.

Try with below line :

jdbc:mariadb://localhost:3306/production_gateway?requireSSL=true

Let us know whether it's working or not.

For more clarification you can check this answer .