[cf-dev] Using a TLS connection to the MySQL database #uaa

[cf-dev] Using a TLS connection to the MySQL database #uaa

vshetty via Lists.Cloudfoundry.Org
We have a separate instance of UAA server interacting with the MySQL database running on cloud.gov. Recently, we have been advised to use a TLS connection to connect to the database. After doing some research, we found that the TLS certificate is set up on the MySQL server. How do I make sure that the UAA server can connect to this MySQL server using TLS? Is there any configuration in uaa.yml that I can set?

Any help would be appreciated ! 

Thanks, 
Viraj 


Reminder that all communication on this mailing list is subject to the Cloud Foundry Foundation's code of conduct, which can be found here: https://www.cloudfoundry.org/code-of-conduct/

Re: [cf-dev] Using a TLS connection to the MySQL database #uaa

Filip Hanik
MySQL TLS is enabled through the JDBC URL of the MySQL driver.
For example, if you are deploying the UAA using Bosh, it generates the JDBC URL based on your configuration, and inserts that into uaa.yml

Here is a reference to URL properties


On Tue, Aug 6, 2019 at 1:14 PM vshetty via Lists.Cloudfoundry.Org <vshetty=[hidden email]> wrote:
We have a separate instance of UAA server interacting with the MySQL database running on cloud.gov. Recently, we have been advised to use a TLS connection to connect to the database. After doing some research, we found that the TLS certificate is set up on the MySQL server. How do I make sure that the UAA server can connect to this MySQL server using TLS? Is there any configuration in uaa.yml that I can set?

Any help would be appreciated ! 

Thanks, 
Viraj 


Re: [cf-dev] Using a TLS connection to the MySQL database #uaa

vshetty via Lists.Cloudfoundry.Org
Thanks Filip. That was very helpful. I updated the uaa.yml with useSSL = true. I had to set trustServerCertificate to true as well otherwise it gives a handshake error. 

If I want to validate the MySQL server certificate, then do I just add it to the cacerts truststore of the UAA server?

Re: [cf-dev] Using a TLS connection to the MySQL database #uaa

Filip Hanik
You’re welcome. 

Covered in a later section


On Wed, Aug 7, 2019 at 13:55 vshetty via Lists.Cloudfoundry.Org <vshetty=[hidden email]> wrote:
Thanks Filip. That was very helpful. I updated the uaa.yml with useSSL = true. I had to set trustServerCertificate to true as well otherwise it gives a handshake error. 

If I want to validate the MySQL server certificate, then do I just add it to the cacerts truststore of the UAA server?
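
Added example, not part of the thread and not UAA or driver code: a small check that reads the properties of a JDBC URL and reports the two settings discussed above. It assumes that `trustServerCertificate=true` makes the driver accept the server certificate without validating it, which matches the behaviour reported in the thread; the function names, the case-insensitive matching and the sample URLs are constructed for illustration.

```python
from urllib.parse import parse_qsl

TRUE_VALUES = {"true", "1", "yes"}


def jdbc_params(jdbc_url):
    """Return the properties after '?' in a JDBC URL, keyed by lower-cased name."""
    _, _, query = jdbc_url.partition("?")
    pairs = parse_qsl(query, keep_blank_values=True)
    # Names are compared case-insensitively (a choice of this example).
    return {name.lower(): value.strip().lower() for name, value in pairs}


def audit_jdbc_tls(jdbc_url):
    """Return a list of findings about the TLS properties of a JDBC URL."""
    params = jdbc_params(jdbc_url)
    findings = []
    if params.get("usessl") not in TRUE_VALUES:
        findings.append("useSSL is not true: TLS is not requested")
    if params.get("trustservercertificate") in TRUE_VALUES:
        # The connection is encrypted, but the peer is not authenticated.
        findings.append(
            "trustServerCertificate=true: server certificate is not validated"
        )
    return findings


# Constructed sample URLs (hypothetical host and database names).
SAMPLES = {
    "no TLS": "jdbc:mysql://db.example.internal:3306/uaa",
    "TLS, no validation": "jdbc:mysql://db.example.internal:3306/uaa"
                          "?useSSL=true&trustServerCertificate=true",
    "TLS, validated": "jdbc:mysql://db.example.internal:3306/uaa?useSSL=true",
}

if __name__ == "__main__":
    for label, url in SAMPLES.items():
        result = audit_jdbc_tls(url)
        print(f"{label}: {'OK' if not result else '; '.join(result)}")
```

The second sample is the configuration described in the thread: it passes the `useSSL` check but is flagged because the certificate is accepted unchecked.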
