You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cloudstack.apache.org by "Marty J. Sullivan" <ma...@cornell.edu> on 2015/07/09 22:01:23 UTC

SSL with MySQL

Hello,

I am testing a new implementation of Cloudstack 4.5.1. I would like to use SSL between the Management Server and the MySQL Server since the MySQL server is hosted outside the datacenter. I don’t see an option to specify the root CA certs like you can with the mysql client. Is there a way to do this?

Thanks,
Marty

Re: SSL with MySQL

Posted by Ian Service <is...@ts2.ca>.

Hey Marty, here's the article I followed to create the keystores required
for Java to connect via SSL:

http://dev.mysql.com/doc/connector-j/en/connector-j-reference-using-ssl.html

Working like a champ.

- Ian

On Thu, Jul 9, 2015 at 4:23 PM, Ian Service <is...@ts2.ca> wrote:

> Hey Marty,
>
> I'm moving stuff around the network and adding a hop between the
> management server and MySQL so looked into it.
>
> Looks like /etc/cloudstack/management/db.properties has settings for it...
>
> # CloudStack database SSL settings
> db.cloud.useSSL=false
> db.cloud.keyStore=
> db.cloud.keyStorePassword=
> db.cloud.trustStore=
> db.cloud.trustStorePassword=
> db.cloud.keyStorePassphrase=vmops.com
>
> # Encryption Settings
> db.cloud.encryption.type=none
> db.cloud.encrypt.secret=
>
> - Ian
>
>
> On Thu, Jul 9, 2015 at 4:01 PM, Marty J. Sullivan <
> marty.sullivan@cornell.edu> wrote:
>
>> Hello,
>>
>> I am testing a new implementation of Cloudstack 4.5.1. I would like to
>> use SSL between the Management Server and the MySQL Server since the MySQL
>> server is hosted outside the datacenter. I don’t see an option to specify
>> the root CA certs like you can with the mysql client. Is there a way to do
>> this?
>>
>> Thanks,
>> Marty
>>
>
>

Re: SSL with MySQL

Posted by Ian Service <is...@ts2.ca>.

Hey Marty,

I'm moving stuff around the network and adding a hop between the management
server and MySQL so looked into it.

Looks like /etc/cloudstack/management/db.properties has settings for it...

# CloudStack database SSL settings
db.cloud.useSSL=false
db.cloud.keyStore=
db.cloud.keyStorePassword=
db.cloud.trustStore=
db.cloud.trustStorePassword=
db.cloud.keyStorePassphrase=vmops.com

# Encryption Settings
db.cloud.encryption.type=none
db.cloud.encrypt.secret=

- Ian


On Thu, Jul 9, 2015 at 4:01 PM, Marty J. Sullivan <
marty.sullivan@cornell.edu> wrote:

> Hello,
>
> I am testing a new implementation of Cloudstack 4.5.1. I would like to use
> SSL between the Management Server and the MySQL Server since the MySQL
> server is hosted outside the datacenter. I don’t see an option to specify
> the root CA certs like you can with the mysql client. Is there a way to do
> this?
>
> Thanks,
> Marty
>