All Apps and Add-ons

How to configure Splunk DB connect to use self signed certificates for a connection to MySQL

grishazdravkov
Engager

Hey everyone,

We have configured a SQL server and a HF, the HF instance will have a connection to the MySQL server.

We successfully installed Slunk DB connect 3.5.1 on the HF, however when we try to connect to the database via ssl we receive the following error, you can check it in the screenshot attached.

link communication failure.jpg

Connecting to the DB server without SSL enabled works just fine. We also installed mysql client on the HF just to test if we have configured the certificates correctly and we are able to connect from the HF to the SQL server via SSL successfully. So we suspect there is a special way not mentioned in the documents how to set the app to use the certificates for connection to the SQL server. I tried adding the certs to the default.jks file located in $HOME_SPLUNK/etc/apps/splunk_app_db_connect/keystore ,  I also imported the certs to the jave keystore and truststore but without any success.  We also did tcpdump on port 3306 on the server hosting MySQL and, noticed that when we try to connect via ssl we get bad hand shake with a packet named continuation data, however doing the same thing connecting from the mysql client we are able to see a connection forming successfully with exchanging certs between the host and the client.

Thanks in advance for the help and please let me know if anything else is needed.

 

 

Labels (1)
Tags (1)
0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...