All Apps and Add-ons

How to configure Splunk DB connect to use self signed certificates for a connection to MySQL


Hey everyone,

We have configured a SQL server and a HF, the HF instance will have a connection to the MySQL server.

We successfully installed Slunk DB connect 3.5.1 on the HF, however when we try to connect to the database via ssl we receive the following error, you can check it in the screenshot attached.

link communication failure.jpg

Connecting to the DB server without SSL enabled works just fine. We also installed mysql client on the HF just to test if we have configured the certificates correctly and we are able to connect from the HF to the SQL server via SSL successfully. So we suspect there is a special way not mentioned in the documents how to set the app to use the certificates for connection to the SQL server. I tried adding the certs to the default.jks file located in $HOME_SPLUNK/etc/apps/splunk_app_db_connect/keystore ,  I also imported the certs to the jave keystore and truststore but without any success.  We also did tcpdump on port 3306 on the server hosting MySQL and, noticed that when we try to connect via ssl we get bad hand shake with a packet named continuation data, however doing the same thing connecting from the mysql client we are able to see a connection forming successfully with exchanging certs between the host and the client.

Thanks in advance for the help and please let me know if anything else is needed.



Labels (1)
Tags (1)
0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.