1. Enabling SSL on database
2. Creating SSL enabled database user
3. Importing the public certificates to the client-truststore
4. Creating the connection with required parameters
In order to create a secured connection with WSO2 servers you can refer to the comprehensive post by Prabath Siriwardena @ http://blog.facilelogin.com/2010/12/connecting-wso2-carbon-server-to-mysql.html
Here in this post I will discuss only how to import the Amazon RDS public certificates to the client-truststore.jks.
Amazon RDS publishes its CA certificates as a single PEM bundle (rds-combined-ca-bundle.pem) that contains multiple certificates. Java keytool imports only one certificate per invocation, so when the whole bundle is passed to keytool in a single run, only the first certificate in the file ends up in the truststore. That certificate is not necessarily the root (or intermediate) CA that signed your RDS instance's server certificate, which is why servers fail to connect with SSL handshake exceptions after an apparently successful import.
In order to import these certificates you should split the certificates first and then import the files to your client-truststore separately.
csplit -b %02d.pem -z rds-combined-ca-bundle.pem "/-----BEGIN/" "{*}"
Then you can use the command below to import each split certificate into client-truststore.jks separately. The -noprompt flag skips the interactive "Trust this certificate?" question for every file, and -trustcacerts lets keytool use the CAs already in the keystore when validating the chain; the alias is simply the file name, so each entry gets a distinct alias.
find . -iname 'xx*' -exec keytool -importcert -noprompt -trustcacerts -file {} -alias {} -storepass wso2carbon -keystore /opt/wso2/apimanager/repository/resources/security/client-truststore.jks \;
After the import, keytool -list -keystore client-truststore.jks -storepass wso2carbon should show one trustedCertEntry per certificate in the bundle; if the count is lower than the number of -----BEGIN CERTIFICATE----- lines in rds-combined-ca-bundle.pem, one of the splits was not imported.
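The same split-and-import procedure as a small POSIX shell script, added here as an example that is not part of the original post or of WSO2's tooling. It replaces GNU csplit with an awk loop (so it also runs where csplit lacks the "{*}" repeat syntax), imports every piece under a distinct alias, and then counts the trustedCertEntry rows so you can compare them with the number of certificates in the bundle. The sample bundle written by make_sample_bundle is constructed placeholder text with dummy base64 lines, not real certificates, so it exercises the splitting and counting only; the keystore path, store password and alias prefix are assumptions.

```shell
#!/bin/sh
# Added example: split a multi-certificate PEM bundle and import every piece
# into a JKS truststore. Not the original post's code; paths and aliases are
# assumptions chosen for illustration.

# Count the certificates in a PEM bundle (one BEGIN marker per certificate).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Write each BEGIN/END CERTIFICATE block of $1 into $2/cert-NN.pem and print
# the number of blocks written. Comment lines between blocks (some bundles
# carry "subject=..." headers) are dropped rather than glued onto a piece.
split_pem_bundle() {
    bundle="$1"; outdir="$2"
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ {
            n++; out = sprintf("%s/cert-%02d.pem", dir, n); inblock = 1
        }
        inblock { print > out }
        /-----END CERTIFICATE-----/ { inblock = 0; close(out) }
        END { print n + 0 }
    ' "$bundle"
}

# Import every cert-NN.pem in $1 into keystore $2 (password $3) under the
# alias rds-cert-NN, then print how many trusted entries the keystore holds.
# Needs a real JDK keytool and real certificates; returns 2 if keytool is absent.
import_split_certs() {
    dir="$1"; keystore="$2"; storepass="$3"
    command -v keytool >/dev/null 2>&1 || { echo "keytool not on PATH" >&2; return 2; }
    for f in "$dir"/cert-*.pem; do
        alias_name="rds-$(basename "$f" .pem)"
        keytool -importcert -noprompt -trustcacerts -file "$f" -alias "$alias_name" \
            -keystore "$keystore" -storepass "$storepass" || return 1
    done
    keytool -list -keystore "$keystore" -storepass "$storepass" | grep -c trustedCertEntry
}

# Constructed sample bundle (placeholder base64, not valid certificates) with
# three blocks and a comment line between them, written to the path in $1.
make_sample_bundle() {
    cat > "$1" <<'EOF'
-----BEGIN CERTIFICATE-----
MIIBsampleRootCAplaceholderAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END CERTIFICATE-----
# subject=CN=sample-intermediate-1
-----BEGIN CERTIFICATE-----
MIIBsampleIntermediateOnePlaceholderAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBsampleIntermediateTwoPlaceholderAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END CERTIFICATE-----
EOF
}
```

Typical use against the real bundle: source the script, run split_pem_bundle rds-combined-ca-bundle.pem ./rds-split, then import_split_certs ./rds-split /opt/wso2/apimanager/repository/resources/security/client-truststore.jks wso2carbon, and check that the number it prints matches count_certs rds-combined-ca-bundle.pem (plus whatever trusted entries the keystore already held).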