Hi everyone!
I have a Cloud SQL ( MySQL 8.0) in GCP.
I want to use a secure connection - for this, I enabled the SSL
when I try to configure this connection in the metabase I get an error
> Could not connect to address=(host=xx.xxx.xx.xx)(port=3306)(type=master) : (conn=6121) SSL hostname verification failed : IPv4 host "xx.xxx.xx.xx" doesn't correspond to certificate CN "database:staging-mysql8" This verification can be disabled using the option "disableSslHostnameVerification" but won't prevent man-in-the-middle attacks anymore
is there any other way or possibility to connect to my database without using disableSslHostnameVerification=1 key?
I am running into the same issue. I am using Google Cloud SQL. When creating the certificate from Google Cloud, there is no option to qualify the name. It just gave me a client-key.pem, client-cert.pem and a server-cs.pem file.
Hi
I don't know exactly your setup, but let's say that you are using an instance with MB on it and GCP SQL
in MB settings in Additional JDBC connection string options
use next
disableSslHostnameVerification=true&sslca=/folder/server-ca.pem&sslcert=/folder/client-cert.pem&sslkey=/folder/client-key.pem
you need to put these 3 files into your instance
and then lmk if it works
We are using Metabase Cloud connecting to Google Cloud SQL. so there is no where to put the server-ca.pem, client-cert.pem and client-key.pem. I tried putting the values into the section shown here:
But I get the following error when I do:
Could not connect to address=(host=[HIDDEN])(port=3306)(type=master) : (conn=85048) SSL hostname verification failed : IPv4 host "[HIDDEN]" doesn't correspond to certificate CN "[HIDDEN]" and SAN[{DNS:"[HIDDEN]"}] This verification can be disabled using the option "disableSslHostnameVerification" but won't prevent man-in-the-middle attacks anymore
Thank you. I got it working. I addd the disableSslHostnameVerification=true to the JDBC options. Not perfect, but at least now my database in GCP will only accept SSL connections.
Also, please contact support when you have issues, remember that you get priority support when running on our cloud while the forum is just best effort