One Star

[resolved] Create a new connection to mysql using SSL

Hello,
I need to access a mysql database secured with SSL certificates.
I have the certificates on my dektop, and I was able to access the database using Mysql Workbench.
How should I configure the mysql Db connection in the Metadata ?
I tried to do it as described in this post : , with adding something like that in the additionnal parameters :
noDatetimeStringSync=true&verifyServerCertificate=true&useSSL=true&requireSSL=true&ssl_ca=C:/Users/Desktop/SQL Dev/ca-cert.pem&ssl_key=C:/Users/Desktop/SQL Dev/client-key.pem&ssl_cert=C:/Users/Desktop/SQL Dev/client-cert.pem
But I get this error :

The last packet successfully received from the server was 45 milliseconds ago.  The last packet sent successfully to the server was 44 milliseconds ago.
      at org.talend.core.model.metadata.builder.database.JDBCDriverLoader.getConnection(JDBCDriverLoader.java:195)
      at org.talend.core.model.metadata.builder.database.ExtractMetaDataUtils.connect(ExtractMetaDataUtils.java:1092)
      at org.talend.core.model.metadata.builder.database.ExtractMetaDataFromDataBase.testConnection(ExtractMetaDataFromDataBase.java:315)
      at org.talend.metadata.managment.repository.ManagerConnection.check(ManagerConnection.java:289)
      at org.talend.repository.ui.wizards.metadata.connection.database.DatabaseForm$59.runWithCancel(DatabaseForm.java:3812)
      at org.talend.repository.ui.wizards.metadata.connection.database.DatabaseForm$59.runWithCancel(DatabaseForm.java:1)
      at org.talend.repository.ui.dialog.AProgressMonitorDialogWithCancel$1.runnableWithCancel(AProgressMonitorDialogWithCancel.java:77)
      at org.talend.repository.ui.dialog.AProgressMonitorDialogWithCancel$ARunnableWithProgressCancel$1.call(AProgressMonitorDialogWithCancel.java:161)
      at java.util.concurrent.FutureTask.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)
  Caused by: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
  
  The last packet successfully received from the server was 45 milliseconds ago.  The last packet sent successfully to the server was 44 milliseconds ago.
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
      at java.lang.reflect.Constructor.newInstance(Unknown Source)
      at com.mysql.jdbc.Util.handleNewInstance(Util.java:409)
      at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1127)
      at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:104)
      at com.mysql.jdbc.MysqlIO.negotiateSSLConnection(MysqlIO.java:5285)
      at com.mysql.jdbc.MysqlIO.proceedHandshakeWithPluggableAuthentication(MysqlIO.java:1720)
      at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1288)
      at com.mysql.jdbc.ConnectionImpl.coreConnect(ConnectionImpl.java:2506)
      at com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2539)
      at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2321)
      at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:832)
      at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:46)
      at sun.reflect.GeneratedConstructorAccessor68.newInstance(Unknown Source)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
      at java.lang.reflect.Constructor.newInstance(Unknown Source)
      at com.mysql.jdbc.Util.handleNewInstance(Util.java:409)
      at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:417)
      at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:344)
      at org.talend.core.model.metadata.builder.database.DriverShim.connect(DriverShim.java:41)
      at org.talend.core.model.metadata.builder.database.JDBCDriverLoader.getConnection(JDBCDriverLoader.java:186)
      ... 9 more
  Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.ssl.Alerts.getSSLException(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
      at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
      at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
      at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
      at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
      at sun.security.ssl.Handshaker.processLoop(Unknown Source)
      at sun.security.ssl.Handshaker.process_record(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
      at com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:89)
      ... 25 more
  Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
      at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
      at sun.security.validator.Validator.validate(Unknown Source)
      at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
      at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
      at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
      ... 34 more
  Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
      at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
      at java.security.cert.CertPathBuilder.build(Unknown Source)
      ... 40 more


I wasn't able to find anything in the Talend documentation or in the help section...
Thank you,
Nicolas
1 ACCEPTED SOLUTION

Accepted Solutions
One Star

Re: [resolved] Create a new connection to mysql using SSL

I got it :
https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-using-ssl.html
The additional parameters only need the useSSL=true option. And the java keystore must be updated as described in the url above.
Nicolas
1 REPLY
One Star

Re: [resolved] Create a new connection to mysql using SSL

I got it :
https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-using-ssl.html
The additional parameters only need the useSSL=true option. And the java keystore must be updated as described in the url above.
Nicolas