mySQL JDBC Driver and SSL - How Do You Do It?

[PointsWell]

Now that the mySQL driver has been updated to a version that is crabby when SSL is not switched on, does anyone have any pointers/documents/checklists as to how to implement SSL for the DB?

I've gotten as far as creating my client certificates but I am stumped as to what to do next.

[greenfrog]

SSL for a server or for a domain, OK I understand.
But SSL for the DB? Please, could you explain a little more what you mean here?

By the way, when you changed the JDBC driver, did you replace only the BASServer.props file or did you update AIM?

[PointsWell]

By the way, when you changed the JDBC driver, did you replace only the BASServer.props file or did you update AIM?

I updated AIM and replaced the BASServer.props with my original one

The most up to date version of the mySQL driver requires that you have SSL enabled - otherwise it will spew SSL warnings all over your logs. All the time.

This is just 10 minutes of the server idling:

Code: Select all

Thu Jun 14 16:34:05 AEST 2018 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
Thu Jun 14 16:34:05 AEST 2018 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
Thu Jun 14 16:39:05 AEST 2018 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
Thu Jun 14 16:39:05 AEST 2018 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
Thu Jun 14 16:44:05 AEST 2018 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
Thu Jun 14 16:44:05 AEST 2018 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

[greenfrog]

Thanks for the information about the update.

About "Establishing SSL connection without server's identity verification is not recommended", does it mean your server has no SSL certificate setup or does it mean only that your verifyServerCertificate property is set to 'false'?

[PointsWell]

Thanks for the information about the update.

About "Establishing SSL connection without server's identity verification is not recommended", does it mean your server has no SSL certificate setup or does it mean only that your verifyServerCertificate property is set to 'false'?

Good question - I don't have an SSL certificate in place for my Webserver but I also don't have the mySQL client certificate installed.

I started to look at both of those a while ago (database in 2017 and the server a few months ago) and it rapidly got into a space of not enough clarity as to what I was doing and not being able to find clear instruction / documentation to complete it.

My app is not live so it is not a (big) issue at the moment. But with the change in the JDBC driver cluttering up my log files I now need to address this.

A quick search suggests that the reference "verifyServerCertificate"relates to a database server setting not the web server.

[greenfrog]

I suppose you have first to set up the SSL certificate on your server and after that to set the MySQL verifyServerCertificate property to 'true'.
I have been struggling for more than a month to have AwareIM working properly at a rate of more or less 90% with SSL on a MacOS server.
I had to use tickets from Himanshu and Suwandy (you can send PM to both of them in this forum).
I can testify that:
- Himanshu knows very well AIM,
- and Suwandy does what he wants with servers.
In your case, Suwandy could probably easily solve your problem for a reasonable fee.
PM me if you would like to have his email address.

[PointsWell]

I suppose you have first to set up the SSL certificate on your server and after that to set the MySQL verifyServerCertificate property to 'true'.

The server certificate is in place for mySQL. I just can’t figure out how to implement correctly in Aware as there is no documentation on how to do it.

[greenfrog]

The AwareIM team focuses only on the AwareIM solution.
The documentation is very poor and even nonexistent when it's about AwareIM and other solutions.
For instance:
- AwareIM and the connected databases: Derby, SQL Server, MySQL or Oracle,
- AwareIM and Tomcat,
- AwareIM and OS: Windows Server, MacOS, and Linux,
- AwareIM and APIs,
- and so on...
About this kind of topics, the AwareIM support team very often writes, for instance in this forum, "this has nothing to do with AwareIM".
I could very easily create a WordPress website including a Wiki for the AwareIM community to share everything they learn about these "other solutions to AwareIM" topics.
I will propose it to the community in another post on this forum. We will see if other people could be interested to participate in the building of this knowledge base.

[customaware]

There is already a site totally dedicated to the Aware IM Developer Community and it is open to EVERY Aware IM Developer in the World FOR FREE.

https://awareimdevelopers.com

Developers (including you) are VERY welcome to register (FOR FREE) and add posts such as ...

Selling yourself, your products and/or services
Tips and Tricks
A Blog article.

So, while I am sure you could indeed easily create a WordPress site dedicated to the Aware IM Community it would guess your time would be better spent joining and contributing to the one that already exists.

It is intended to be there as the Knowledge Base you seek.

Additionally, awareimdevelopers.com also Organises and hosts a Annual Aware IM Developers International Conference (just had the last one in Providence, Rhode Island in April) which is an EXCELLENT opportunity to
get in amongst other Aware IM Developers from all over the World to exchange ideas. Previously they have been in Las Vegas, Bali and Brisbane.

BTW, The entire content, including the session recordings, sample apps, presentations and documentation for all of the past Conferences as well as the Zero To Hero Beginners Courses are available for purchase for those who
could not attend. Please see the Pinned Posts at the top of the forum.

Hope this helps and can't wait to read some of your Tips and Tricks.

Cheers.

[greenfrog]

Mark,
I was in Providence, at the last AwareIM conference.
And I had the opportunity to learn plenty of useful things directly from you with your Zero to Hero course.
But I am not speaking about all the questions the developers can have to solve when working with AwareIM.
AwareIM is a proprietary solution.
And, as far as I know, people outside of the AwareIM team do not have access to the code. So, only the AwareIM support team can deeply help with questions concerning AwareIM itself.
I am more focused on questions concerning how other solutions (OS, databases, Tomcat, APIs) can work with AwareIM. With a complete documentation, updates, and tests on very focused and technical topics.
And perhaps a dedicated tool could help more here than a broader spectrum tool.
In any case, I asked the question to the community in another post and I will take into account any answer.
Thanks for your suggestions.

[customaware]

Oh... Is that the guy who had the funny hat and drank way to much? ROTFL

I did not realise it was you.

No problem mate.

Look forward to any of the answers.

[greenfrog]

I am trying to use AwareIM as a white label.
This is why I don't use my company name, my first name or my last name.
So, if you don't mind, I would appreciate keeping a low personal profile.
So could you replace my first name with "old chap" or anything else, as you like it?
Thanks in advance!

[lineamovil]

Hello!

I wonder if you found the solution to this issue. I have the latest version of MySQL and AwareIM 8.2
I cannot "Display Documents" in some kind. Weird. But got a message:

-Exception while executing method DISPLAY DOCUMENT Exception class=com.bas.basserver.executionengine.ExecutionException message Error compiling report. Please see error messages in the console window.

Also:

Fri Dec 21 13:38:01 CST 2018 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.