Hello everyone,

Can anyone explain to me how to add a new MySQL database to Metabase with client certificates. I can’t add the database without the certificates & key.

Hi @M.tt! what you are seeing is this one: https://github.com/metabase/metabase/issues/1350

check the thread for a solution, have a nice day!
Luis

@Luiggi Thank you for your support. I have done the following.

keytool -importcert -alias MySQLCACert -file ca.pem -keystore truststore -storepass Jka#i&1

openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -name “mysqlclient” -passout pass:Jka#i&1 -out client-keystore.p12

keytool -importkeystore -srckeystore client-keystore.p12 -srcstoretype pkcs12 -srcstorepass Jka#i&1 -destkeystore keystore -deststoretype JKS -deststorepass Jka#i&1

Additional JDBC connection string options:
clientCertificateKeyStoreUrl=file: /mysql_certs/ clientCertificateKeyStorePassword= Jka#i&1

still got an error, do I have something missing? or my connection string is incorrect?

@M.tt Let’s keep everything in one thread: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I was able to connect my Metabase v0.39.1 to a data source DB, TiDB 5.0.0-rc (mysql compatible cloud DB) via SSL by making 2 changes on the metabase UI config:

1. Turn on SSL

2. Copy/paste TiDB server-cert.pem OR ca-cert.pem into the certificate box. The server-cert.pem is the cert you generated while setting up the DB server SSL

   • Note, pasting a client-cert.pem OR client-key.pem does NOT work
   • the DB user has 'REQUIRE SSL' enabled

3. Additional JDBC connection string options = '' (blank, empty)

Still trying to figure out how to connect Metabase to a data source TiDB via a user with 'REQUIRE X509' enforcement with supplied client-{cert,key}.pem