Connect to MySQL with SSL

Hello everyone,

Can anyone explain to me how to add a new MySQL database to Metabase with client certificates? I can’t add the database without the certificates & key.

Hi @M.tt! What you are seeing is this one: https://github.com/metabase/metabase/issues/1350

Check the thread for a solution, have a nice day!
Luis

@Luiggi Thank you for your support. I have done the following.

keytool -importcert -alias MySQLCACert -file ca.pem -keystore truststore -storepass 'Jka#i&1'

openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -name "mysqlclient" -passout 'pass:Jka#i&1' -out client-keystore.p12

keytool -importkeystore -srckeystore client-keystore.p12 -srcstoretype pkcs12 -srcstorepass 'Jka#i&1' -destkeystore keystore -deststoretype JKS -deststorepass 'Jka#i&1'

Additional JDBC connection string options:
clientCertificateKeyStoreUrl=file: /mysql_certs/ clientCertificateKeyStorePassword= Jka#i&1

Still got an error. Am I missing something, or is my connection string incorrect?

@M.tt Let’s keep everything in one thread: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I was able to connect my Metabase v0.39.1 to a data source DB, TiDB 5.0.0-rc (MySQL-compatible cloud DB), via SSL by making 2 changes in the Metabase UI config:

  1. Turn on SSL

  2. Copy/paste TiDB server-cert.pem OR ca-cert.pem into the certificate box. The server-cert.pem is the cert you generated while setting up the DB server SSL

    • Note, pasting a client-cert.pem OR client-key.pem does NOT work
    • The DB user has 'REQUIRE SSL' enabled

  3. Additional JDBC connection string options = '' (blank, empty)

Still trying to figure out how to connect Metabase to a data source TiDB via a user with 'REQUIRE X509' enforcement with supplied client-{cert,key}.pem
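
For the client-certificate setup discussed in this thread, an added example (not part of any post and not Metabase's own code): a shell function that checks the two Java stores built with keytool and prints an options string that references both the truststore and the client keystore. The function name and the paths in the usage comment are hypothetical, and it assumes the JDBC driver in use honours the MySQL Connector/J property names trustCertificateKeyStoreUrl, trustCertificateKeyStorePassword, clientCertificateKeyStoreUrl and clientCertificateKeyStorePassword.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical usage:
#   sh jdbc_tls_options.sh /mysql_certs/truststore /mysql_certs/keystore 'store-password'

# Print "Additional JDBC connection string options" for mutual TLS,
# or return 1 with a reason on stderr.
mysql_tls_jdbc_options() {
    truststore=$1
    keystore=$2
    storepass=$3

    for f in "$truststore" "$keystore"; do
        # A file: URL needs an absolute path.
        case $f in
            /*) ;;
            *) echo "store path must be absolute: $f" >&2; return 1 ;;
        esac
        # The URL has to name the store file itself, not the directory holding it.
        if [ ! -f "$f" ]; then
            echo "not a regular file: $f" >&2; return 1
        fi
        # The JVM running Metabase must be able to read it.
        if [ ! -r "$f" ]; then
            echo "not readable by this user: $f" >&2; return 1
        fi
    done

    # '&' separates options in the connection string, so a password that
    # contains it would be cut short; a space is just as fragile.
    case $storepass in
        *'&'*|*' '*)
            echo "store password contains '&' or a space; re-create the stores with another password" >&2
            return 1 ;;
    esac

    # Truststore: CA used to verify the server. Keystore: client cert and key.
    printf '%s&%s&%s&%s\n' \
        "trustCertificateKeyStoreUrl=file:$truststore" \
        "trustCertificateKeyStorePassword=$storepass" \
        "clientCertificateKeyStoreUrl=file:$keystore" \
        "clientCertificateKeyStorePassword=$storepass"
}

# Run only when called with the three arguments shown in the usage line.
if [ "$#" -eq 3 ]; then
    mysql_tls_jdbc_options "$@"
fi
```

The printed line goes into the options field as a single string with no spaces; the store password ends up in clear text in that field, so the store files and the Metabase configuration need matching access restrictions.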