Connections > MySQL connection properties > SSL properties
  

SSL properties

You can configure a MySQL connection to use SSL to securely communicate with the MySQL database.
Note: You can enable SSL for a MySQL connection only when you use the 8.x MySQL JDBC and ODBC drivers. Ensure that both the MySQL JDBC and ODBC drivers are of 8.x version.
To configure SSL, you must first download and install the MySQL ODBC and JDBC drivers, version 8.x. For information about installing the MySQL ODBC and JDBC drivers, version 8.x, see the Knowledge Base article: 561573
After you install the drivers, in the MySQL connection properties, enable SSL and specify the TLS protocols that you want to use for the secure communication.
When you enable SSL for the MySQL connection, you must configure the SSL properties for both the MySQL JDBC and ODBC drivers. Configure the required SSL properties for the JDBC driver, so that the Secure Agent can access metadata securely from MySQL. Also, configure the required SSL properties for the ODBC driver, so that the Secure Agent runs mappings to securely read from or write data to MySQL.
Note: SSL is not applicable when you use the Hosted Agent. You can configure SSL when you use the Secure Agent or the serverless runtime environment.
The following table describes the MySQL connection SSL properties:
Connection property
Description
Use SSL
Determines whether the Secure Agent establishes a secure connection to the MySQL database.
When you select this option and the database server supports SSL, the Secure Agent establishes an encrypted connection. If the MySQL database server cannot configure SSL, the connection either fails or the Secure Agent establishes an unencrypted connection depending on whether you enable or disable the Require SSL checkbox.
If you do not select the Use SSL checkbox, the Secure Agent attempts to establish an unencrypted connection.
Verify Server Certificate
If you select Use SSL and select this option, the client validates the server certificate that is sent by the database server.
Require SSL
Applicable only if you select Use SSL.
If you select the Require SSL checkbox, and the MySQL database supports SSL, the Secure Agent establishes an SSL connection.
If you select the Require SSL checkbox, and the MySQL database cannot configure SSL, the Secure Agent attempts to establish an SSL connection but fails.
If you clear the Require SSL checkbox, and the MySQL database cannot configure SSL, the Secure Agent establishes an unencrypted connection.
TLS Protocols
The TLS protocols used for the secure communication when you select Use SSL.
You can select from the following protocols:
  • - TLSv1
  • - TLSv1.1
  • - TLSv1.2
Default is TLSv1.2. The TLSv1 and TLSv1.1 protocols are not applicable.
The following table describes the MySQL connection properties for the JDBC driver version 8.x when you enable Use SSL:
Connection property
Description
Trust Certificate Key Store
The path and file name of the truststore file. You must prefix the file path with file colon (file:).
For example, file:C:\SSL\mysql_new\truststore
For the serverless runtime environment, specify the following certificate path in the serverless agent directory:
/home/cldagnt/SystemAgent/serverless/configurations/ssl_store/<TrustStore_filename>
Trust Certificate Key Store Password
The password for the truststore file.
Client Certificate Key Store
The path and file name of the keystore file. You must prefix the file path with file colon (file:).
For example, file:C:\SSL\mysql_new\keystore
For the serverless runtime environment, specify the following certificate path in the serverless agent directory:
/home/cldagnt/SystemAgent/serverless/configurations/ssl_store/<KeyStore_filename>
Client Certificate Key Store Password
The password to access the keystore file.
JDBC Cipher Suites
Colon-separated cipher suite values in RFC format.
For example:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
The following table describes the MySQL connection properties for the ODBC driver version 8.x when you enable Use SSL:
Connection property
Description
SSL Certificate Authority
The path and name of the CA certificate.
For example, C:\SSL\mysql_new\ca.pem
SSL Certificate
The path and name of the client certificate.
For example, C:\SSL\mysql_new\client-cert.pem
SSL Key
The path and the name of the private key of the client.
For example, C:\SSL\mysql_new\client-key.pem
SSL Cipher
Colon-separated cipher-suite values in OpenSSL format.
For example:
ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-RSA-AES128-GCM-SHA256:
Verify Server's Identity
Verifies the host name in the certificate while verifying the server CA certificate.
This property is applicable only when you enable Verify Server Certificate in the SSL properties.