Start a new topic

Connecting to AWS RDS MySql with SSL Required

I'm looking at DbVis to work with MySql on AWS RDS using SSL. I'm reasonably certain that in order to make this work I have to add the AWS RDS PEM to the JDK but I cannot find a definitive answer. With MySql Workbench I point the SSL CA to the downloaded AWS RDS PEM file.


Can someone point me to directions on using a custom PEM for required SSL in DbVis?


Will,


We have no experience with PEM files. Perhaps the following might help:

https://forums.aws.amazon.com/message.jspa?messageID=827018


And of course, you are welcome if you have any questions how to point DbVisualizer to custom key stores, etc.


Regards


Roger

The PEM is just all the certs in the chain in one file. I used scripts I put together for Java Spring Boot and Docker access after researching around the Web.

1. Locate the cacerts file in the Java library being used by DBVis. I'm on a Mac so it's in

cd /Applications/DbVisualizer.app/Contents/PlugIns/jre.bundle/Contents/Home/lib/security

This article was helpful - How do I change the Java version that DbVisualizer use?


2. Make a copy of the cacerts file.

3. Download the AWS RDS PEM file and break up the PEM file into a directory.

cd ./rds-ca
wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
# split the bundle into individual certs (prefixed with xx)
csplit -sz rds-combined-ca-bundle.pem '/-BEGIN CERTIFICATE-/' '{*}'
rm rds-combined-ca-bundle.pem

4. Add the individual certs to the cacerts file with this command

for CERT in xx*; doB
    echo "importing $CERT"

    keytool -import \
        -keystore ../cacerts \
        -storepass [your-password-here] -noprompt \
        -alias "rds${CERT}" -file ${CERT}
done

 5. Verify the certs are in place

keytool -list \
    -keystore ./cacerts  \
    -storepass [your-password-here] -noprompt |
    grep -i rds

6. Properties: useSSL=true, requireSSL=true and SSL_MODE=VERIFY_CA. I'm not sure what version of Connector/J is being included so I might only need SSL_MODE per MySQL - Connecting Securely Using SSL

7. Open DBVis and connect to my RDS instance.

Login or Signup to post a comment