I have a Centos 7 server which I am installing Jira Core (will expand to include Service Desk and Software later). I have a CA signed wildcard SSL certificate for my domain that I am trying to configure with tomcat. I also have a remote MySQL server configured for SSL connections (self signed).
Looking at the documentation https://confluence.atlassian.com/jirakb/configuring-jira-to-connect-to-mysql-via-ssl-280691010.html and https://confluence.atlassian.com/jira064/running-jira-over-ssl-or-https-720411727.html It seems that Tomcat and MySQL JDBC are using the settings from server.xml for port 8443.
I started off configuring MySQL for SSL which worked fine. I then went through the steps https://confluence.atlassian.com/jira064/running-jira-over-ssl-or-https-720411727.html and https://confluence.atlassian.com/kb/how-to-import-an-existing-ssl-certificate-for-use-in-tomcat-838412853.html to use my CA signed cert for Tomcat. At this point the web session is working in 8443 but it seems that it's using the wrong SSL cert or something for MySQL because I keep getting an error that access was denied to mysql using password yes.
I thought that the MySQL specific SSL settings would be dbconfig.xml file but I can't find any options for that.
I may have asked the wrong question, but I hope I explained my problem well enough for you to see what I'm trying to accomplish.
It's been a while and probably the issue has been fixed but as far as I understand the issue is the Jira can't connect to MySQL over SSL while the articles mentioned explain how to import an SSL certificate so that Jira can be accessed over https by users.
MySQL has its own SSL related properties that can be passed either via the jdbc url or through the code as connection properties.
As the second approach is not viable (you can't modify Jira source code, you have to add certain parameters to the jdbc URL
That page explains them in details - https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-configuration-properties.html
but you need useSSL, requireSSL, verifyServerCertificate, clientCertificate[all of them] and trustCertificate[all of them] if you use a self signed server certificate.
Follow the JKS/PKCS12 keystore procedure described in the articles you have mentioned to generate the keystore and truststore files.
The "access denied" error is quite misleading as the real reason is ssl handshake can't be completed if SSL is forced on MySQL server side. Spent half a day fighting it.
Hi Jeff,
Are you seeing a message similar to the following:
Access denied for user 'branden'@'192.168.2.82'(using password: YES)
I normally see this when attempting to access MySQL from another computer other than the one it's setup on. In light of that, there is a MySQL knowledge base that may assist with this error titled Troubleshooting Problems Connecting to MySQL:
If you get the following error, it means that you are using an incorrect password:
If the preceding error occurs even when you have not specified a password, it means that you have an incorrect password listed in some option file. Try the --no-defaults
option as described in the previous item.
Please review Troubleshooting Problems Connecting to MySQL in it's entirety and you should be able to get around this.
Cheers,
Branden
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.