In order to use SSL, your MySQL server must be built with OpenSSL or yaSSL. To check whether SSL is enabled, run this query:
SHOW VARIABLES LIKE 'have_ssl';
If the query returns YES, your server can use SSL. If it returns DISABLED, the server must be started with the SSL options listed in the above-mentioned section. SSL and RSA certificates and keys must also be generated in order to use SSL. Information on generating those can be found here.
The client requires a client certificate and a certificate authority (CA) certificate. If generated by the MySQL server, these are named client-cert.pem and ca.pem respectively and should be located in the data directory. First, the client certificate needs to be converted into DER format. This can be done by downloading OpenSSL and running the following command:
openssl x509 -outform DER -in client-cert.pem -out client.cert
Then, the certificates must be imported into the FglAM keystore. You can use the bundled keytool, which will be located in the Foglight Agent Manager\jre\1.8.0.72\jre\bin directory, or the equivalent on your system, with these commands:
keytool.exe -import -file client.cert -keystore ..\..\..\..\keystore -alias mysqlClientCertificate
keytool.exe -import -file ca.pem -keystore ..\lib\security\cacerts -alias mysqlServerCACert
If you have not changed the password for the keystore, the default password will be “changeit”.
Because the previous command imports the CA certificate into the JRE default truststore, the imported certificate can be lost after an upgrade. To preserve this truststore, make a copy of the cacerts file and save it somewhere else in the FglAM installation directory, e.g. [FGLAM_HOME]\truststore.
Next, edit the baseline.jvmargs.config file in the [FGLAM_HOME]\state\default\config directory and add the following parameters with file paths and passwords appropriate for your system. Escape any quotes with a ‘\’.
vmparameter.0 = "-Djavax.net.ssl.keyStore=\"C:/Foglight Agent Manager/keystore\"";
vmparameter.1 = "-Djavax.net.ssl.keyStorePassword=changeit";
vmparameter.2 = "-Djavax.net.ssl.trustStore=\"C:/Foglight Agent Manager/truststore/cacerts\"";
vmparameter.3 = "-Djavax.net.ssl.trustStorePassword=changeit";
Then, restart the FglAM and continue with the agent configuration, setting the “Use SSL” option in the Agent Properties to true.
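Before restarting, the vmparameter entries can be checked with a short script. The following is an added example, not part of the original documentation or of Foglight itself: it parses lines in the format shown above and reports missing javax.net.ssl properties, passwords left at the default, and a trustStore that still points at the JRE default cacerts. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the vmparameter format shown above (not a real system's file).
SAMPLE = r'''
vmparameter.0 = "-Djavax.net.ssl.keyStore=\"C:/Foglight Agent Manager/keystore\"";
vmparameter.1 = "-Djavax.net.ssl.keyStorePassword=changeit";
vmparameter.2 = "-Djavax.net.ssl.trustStore=\"C:/Foglight Agent Manager/jre/1.8.0.72/jre/lib/security/cacerts\"";
vmparameter.3 = "-Djavax.net.ssl.trustStorePassword=changeit";
'''

# vmparameter.N = "<value with \" escapes>";
LINE = re.compile(r'^\s*vmparameter\.(\d+)\s*=\s*"((?:[^"\\]|\\.)*)"\s*;\s*$')
PREFIX = "-Djavax.net.ssl."
REQUIRED = ("keyStore", "keyStorePassword", "trustStore", "trustStorePassword")

def parse_ssl_props(text):
    """Return {property: value} for javax.net.ssl.* entries in vmparameter lines."""
    props = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        arg = re.sub(r'\\(.)', r'\1', m.group(2))  # undo the \" and \\ escapes
        if arg.startswith(PREFIX) and "=" in arg:
            name, value = arg[len(PREFIX):].split("=", 1)
            props[name] = value.strip('"')
    return props

def lint(text):
    """Return a list of findings for the SSL settings described on this page."""
    props, findings = parse_ssl_props(text), []
    for name in REQUIRED:
        if name not in props:
            findings.append(f"missing javax.net.ssl.{name}")
    for name in ("keyStorePassword", "trustStorePassword"):
        if props.get(name) == "changeit":
            findings.append(f"{name} is still the default 'changeit'")
    # Assumption: paths use forward slashes, as in the example lines above.
    trust = props.get("trustStore", "").replace("\\", "/").lower()
    if trust.endswith("/lib/security/cacerts"):
        findings.append("trustStore points at the JRE default cacerts, which an upgrade can replace")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN:", finding)
```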