I have solved this mostly...
For whatever reason when running with the v5.x J Connector for MySQL the useSSL=false flag is ignored.
So in order to fix this you need to use SSL which requires a client certificate, a client key and a server certificate.
Depending on how your mySQL is setup it will affect how you obtain these, so you need to do a bit of googling.
You then need to add these to your server keystore and truststore (or create yourself a new keystore).
Then you need to explicitly refer to them in your connection string which will then look like:
Code: Select all
DriverURL=jdbc:mysql://localhost/BASDB?user=[DbUser]&password=[DbUserPassword]&useSSL=true&clientCertificateKeyStoreUrl=file:/opt/cert/keystore&clientCertificateKeyStorePassword=[yourKeyStorePassword]&clientCertificateKeyStoreType=JKS&trustCertificateKeyStoreUrl=file:/opt/cert/truststore&trustCertificateKeyStoreType=JKS&trustCertificateKeyStorePassword=[yourTrustStorePassword]
DriverTestURL=jdbc:mysql://localhost/BASDBTEST?user=[DbUser]&password=[DbUserPassword]&useSSL=true&clientCertificateKeyStoreUrl=file:/opt/cert/keystore&clientCertificateKeyStorePassword=[yourKeyStorePassword]&clientCertificateKeyStoreType=JKS&trustCertificateKeyStoreUrl=file:/opt/cert/truststore&trustCertificateKeyStoreType=JKS&trustCertificateKeyStorePassword=[yourTrustStorePassword]
BootstrapURL=jdbc:mysql://localhost/?user=[DbUser]&password=[DbUserPassword]&useSSL=true&clientCertificateKeyStoreUrl=file:/opt/cert/keystore&clientCertificateKeyStorePassword=[yourKeyStorePassword]&clientCertificateKeyStoreType=JKS&trustCertificateKeyStoreUrl=file:/opt/cert/truststore&trustCertificateKeyStoreType=JKS&trustCertificateKeyStorePassword=[yourTrustStorePassword]
You will obviously need to use the correct file path for your keystore and truststore.
Setting this up reduced the number of SSL WARN messages from 1 octillion (give or take a billion) down to about 30. These 30 seem to be related to internal AIM things such as:
Code: Select all
'PublicHolidays' property not found in property file
Wed Jul 26 06:46:33 UTC 2017 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
and
Code: Select all
Tomcat: INFO: Destroying ProtocolHandler ["ajp-nio-8009"]
Process status: Tomcat: Process finished
Wed Jul 26 06:48:43 UTC 2017 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
Wed Jul 26 06:48:43 UTC 2017 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
Server encountered an exception Error reading business space version from persistence Illegal operation on empty result set.
Which makes me think they are internal database calls