cdonat cdonat - 6 months ago 44
SQL Question

Kettle, JDBC, MySQL, SSL: Could not Connetct to database

I am trying to connect to a MySQL Database with SSL using a Client Certificate. I have created a truststore with the CA Certificate:

keytool -import -alias mysqlServerCACert -file ca.crt -keystore truststore

Then I created a keystore with my private key and my client certificate:

openssl pkcs12 -export -out bi.pfx -inkey bi.key -in bi.crt -certfile ca.crt
openssl x509 -outform DER -in bi.pem -out bi.der
keytool -importkeystore -file bi.der -keystore keystore -alias mysqlClientCertificate

I added useSSL=true and requireSSL=true to the jdbc URL and passed${db.keyStore}${db.keyStore.pwd}${db.trustStore}${db.keyStore.pwd}

to the kettle transformation from the surrounding job. I still get "Could not create connection to database server".

I can connect via SSL using the command line tool:

mysql --protocol=tcp -h myqlhost -P 3309 -u bi -p --ssl=on --ssl-ca=ca.crt --ssl-cert=bi.crt --ssl-key=bi.key db_name

Therefore my current guess is, that ther is an issue with the SSL Certificates.

Is there a way to make the MySQL JDBC Driver tell me more details, what went wrong?

Is my assumtion wrong, that kettle parameters can be used to set system properties? How do I do that instead then?


OK, here is the solution, that I have found now:

The start scripts for the various kettle tools pass parameters to the JVM by reading an environment-variable "OPT". So I have set

export OPT=""

Now the MySQL JDBC Driver finds its certificates and private key and can establish the connection.