Note: You may need to install openssl if using Windows. The Mac, Linux and Unix platforms may already have openssl installed. You may have to provide the full path to openssl if not in the PATH environment variable.
The first steps are to create the 'Certificate Authority' (CA) private key and certificate.
1) Create the CA private key
openssl genrsa 2048 > ca-key.pem
2) Create a CA certificate using the above CA private key.
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem
You are about to be asked to enter information that will be incorporated into your certificate request.
It doesn't really matter what you put in here, except when prompted for the Common Name: do NOT use your SMA hostname or FQDN. You will use the SMA hostname or FQDN in a later step.
Once done, you will have a CA key and CA certificate and we can now create the other certificates.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Aliso Viejo
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Quest Software
Organizational Unit Name (eg, section) []:KACE Support
Common Name (eg, YOUR name) []:kacequest
Email Address []:john.Doe@email.com
3) Create the server certificate request and private key (-nodes writes the private key without a passphrase). Note: server-cert.pem = public key, server-key.pem = private key.
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem
As in step #2 you will be prompted to enter information that will be incorporated into your certificate request. During this step when prompted to enter the "Common Name", please enter your KACE appliance hostname or FQDN. As a reminder, you should not have used your hostname or FQDN in step #2. When prompted for "challenge password" leave it blank and hit enter. The "optional company name" can also be left blank.
4) Remove the passphrase from the private key. This is a required step.
openssl rsa -in server-key.pem -out server-key.pem
5) Create the MySQL server certificate.
openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
Multiple files were created during the steps listed above. Of these files, only the following 3 (ca.pem, server-key.pem, and server-cert.pem) need to be applied on the appliance's security settings page to override the default MySQL SSL certificates.
Set MySQL SSL CA File: == ca.pem
Set MySQL SSL Private Key File: == server-key.pem
Set MySQL SSL Certificate File: == server-cert.pem
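The script below is an added example, not part of the original article: it runs steps 1-5 without prompts and then checks the three files before they are uploaded, including the rule that the CA Common Name must differ from the appliance hostname. The function names, the "Example Org" subject field and the return codes are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the KB article); function names and CNs are assumptions.

# Print the Common Name of a certificate file.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Steps 1-5 without prompts: -subj supplies the fields asked for interactively.
# $1 = output directory, $2 = CA Common Name, $3 = appliance hostname or FQDN
make_mysql_certs() {
    ( cd "$1" || exit 1
      openssl genrsa 2048 > ca-key.pem 2>/dev/null &&
      openssl req -new -x509 -nodes -days 3600 -key ca-key.pem \
          -subj "/O=Example Org/CN=$2" -out ca.pem &&
      openssl req -newkey rsa:2048 -nodes -keyout server-key.pem \
          -subj "/O=Example Org/CN=$3" -out server-req.pem 2>/dev/null &&
      openssl rsa -in server-key.pem -out server-key.pem 2>/dev/null &&
      openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem \
          -CAkey ca-key.pem -set_serial 01 -out server-cert.pem 2>/dev/null )
}

# Check the three files to upload. $1 = directory, $2 = expected hostname/FQDN.
# Returns 0 = ok, 3 = CA and server share a Common Name, 4 = server CN is not
# the expected host, 1 = server-cert.pem does not verify against ca.pem,
# 5 = server-key.pem still has a passphrase, 2 = key does not match the cert.
check_mysql_certs() {
    ca_cn=$(cert_cn "$1/ca.pem")
    srv_cn=$(cert_cn "$1/server-cert.pem")
    [ "$ca_cn" != "$srv_cn" ] || return 3
    [ "$srv_cn" = "$2" ] || return 4
    openssl verify -CAfile "$1/ca.pem" "$1/server-cert.pem" >/dev/null 2>&1 || return 1
    if grep -q ENCRYPTED "$1/server-key.pem"; then return 5; fi
    cert_pub=$(openssl x509 -in "$1/server-cert.pem" -noout -pubkey)
    key_pub=$(openssl pkey -in "$1/server-key.pem" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 2
}
```

Example use: make_mysql_certs ./certs kacequest sma.example.com, then check_mysql_certs ./certs sma.example.com; a return code of 0 means ca.pem, server-key.pem and server-cert.pem are consistent with each other.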