How do you specify different keystore alias for mysql ssl connection and tomcat ssl connection?

Jeff Clay July 3, 2017

I have a CentOS 7 server on which I am installing Jira Core (will expand to include Service Desk and Software later). I have a CA signed wildcard SSL certificate for my domain that I am trying to configure with Tomcat. I also have a remote MySQL server configured for SSL connections (self signed).

Looking at the documentation https://confluence.atlassian.com/jirakb/configuring-jira-to-connect-to-mysql-via-ssl-280691010.html and https://confluence.atlassian.com/jira064/running-jira-over-ssl-or-https-720411727.html, it seems that Tomcat and MySQL JDBC are using the settings from server.xml for port 8443.

I started off configuring MySQL for SSL which worked fine. I then went through the steps https://confluence.atlassian.com/jira064/running-jira-over-ssl-or-https-720411727.html and https://confluence.atlassian.com/kb/how-to-import-an-existing-ssl-certificate-for-use-in-tomcat-838412853.html  to use my CA signed cert for Tomcat. At this point the web session is working in 8443 but it seems that it's using the wrong SSL cert or something for MySQL because I keep getting an error that access was denied to mysql using password yes.

I thought that the MySQL specific SSL settings would be in the dbconfig.xml file but I can't find any options for that.

I may have asked the wrong question, but I hope I explained my problem well enough for you to see what I'm trying to accomplish.

2 answers

0 votes
Desislav Kamenov January 12, 2018

It's been a while and probably the issue has been fixed, but as far as I understand the issue is that Jira can't connect to MySQL over SSL, while the articles mentioned explain how to import an SSL certificate so that Jira can be accessed over HTTPS by users.

MySQL has its own SSL related properties that can be passed either via the jdbc url or through the code as connection properties.

As the second approach is not viable (you can't modify Jira source code), you have to add certain parameters to the JDBC URL.

That page explains them in detail - https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-configuration-properties.html

but you need useSSL, requireSSL, verifyServerCertificate, clientCertificate[all of them] and trustCertificate[all of them] if you use a self signed server certificate.

Follow the JKS/PKCS12 keystore procedure described in the articles you have mentioned to generate the keystore and truststore files.

The "access denied" error is quite misleading, as the real reason is that the SSL handshake can't be completed if SSL is forced on the MySQL server side. Spent half a day fighting it.
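
As an added example (not part of the answer above, and not Atlassian or MySQL code): a small Python check that reads a dbconfig.xml and reports which of the Connector/J SSL properties named in the answer are missing from the JDBC URL, which is where the MySQL connection gets its own keystore and truststore, separate from Tomcat's server.xml. The sample file, host name, paths and passwords are constructed placeholders, and reading "[all of them]" as the Url/Type/Password properties from the linked Connector/J 5.1 reference is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# Constructed sample dbconfig.xml. Inside XML every "&" in the JDBC URL is
# written as "&amp;". The client keystore properties are left out on purpose.
SAMPLE_DBCONFIG = """<jira-database-config>
  <database-type>mysql</database-type>
  <jdbc-datasource>
    <url>jdbc:mysql://db.example.internal:3306/jiradb?useUnicode=true&amp;useSSL=true&amp;requireSSL=true&amp;verifyServerCertificate=true&amp;trustCertificateKeyStoreUrl=file:/opt/jira-ssl/mysql-truststore.jks&amp;trustCertificateKeyStoreType=JKS&amp;trustCertificateKeyStorePassword=CHANGEME</url>
    <username>jirauser</username>
  </jdbc-datasource>
</jira-database-config>"""

# Flags the answer lists; each must be "true" in the URL.
REQUIRED_TRUE = ("useSSL", "requireSSL", "verifyServerCertificate")
# clientCertificateKeyStore{Url,Type,Password} and the trustCertificate equivalents.
REQUIRED_STORES = tuple(
    f"{side}CertificateKeyStore{part}"
    for side in ("client", "trust")
    for part in ("Url", "Type", "Password")
)


def audit_dbconfig(xml_text):
    """Return a list of problems found in the JDBC URL of a dbconfig.xml."""
    url = ET.fromstring(xml_text).findtext("jdbc-datasource/url", default="").strip()
    _, _, query = url.partition("?")
    # Keep the last value if a property is repeated in the URL.
    params = {k: v[-1] for k, v in parse_qs(query, keep_blank_values=True).items()}
    problems = []
    for name in REQUIRED_TRUE:
        if params.get(name, "").lower() != "true":
            problems.append(f"{name} is not true")
    for name in REQUIRED_STORES:
        if not params.get(name):
            problems.append(f"{name} is missing")
    return problems


if __name__ == "__main__":
    for problem in audit_dbconfig(SAMPLE_DBCONFIG):
        print(problem)
```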

0 votes
somethingblue
Atlassian Team
July 6, 2017

Hi Jeff,

Are you seeing a message similar to the following:

Access denied for user 'branden'@'192.168.2.82'(using password: YES)

I normally see this when attempting to access MySQL from another computer other than the one it's set up on. In light of that, there is a MySQL knowledge base that may assist with this error titled Troubleshooting Problems Connecting to MySQL:

If you get the following error, it means that you are using an incorrect password:

If the preceding error occurs even when you have not specified a password, it means that you have an incorrect password listed in some option file. Try the --no-defaults option as described in the previous item.

Please review Troubleshooting Problems Connecting to MySQL in its entirety and you should be able to get around this.

Cheers,

Branden
