As of Datameer version 6.0, only MySQL versions 5.5 and above are supported.
A MySQL client can establish an encrypted connection to a MySQL server. In the standard configuration, a client connection is unencrypted, so data can be intercepted in transit. Encryption is set up separately for each client connection, so encrypted and unencrypted connections can be used simultaneously. It can also be configured as required for individual connections.
You need to issue certificates with 2048-bit keys and a validity of 3650 days. After this period, the certificates must be renewed or recreated. Depending on your requirements, you might shorten the validity period.
Copy client certificate
Copy the required certificate
client-key.pem to the Datameer client into directory
Enabling SSL on MySQL Server
Modify the MySQL server configuration to enable SSL with the accompanying certificates.
Activate server config
mysqld to make the configuration on the server active.
Check server config
Check if the configuration has been activated.
Preparing the MySQL Database
There are several ways to assign rights for users with SSL:
- Require X509: Any valid SSL client certificate can be used.
- Require Issuer/Require Subject: The SSL client certificate must come from a specified CA with a specific issuer and/or contain a specific subject.
- Require SSL: The connection must be SSL-encrypted. Authentication can be done using either a password or an SSL client certificate.
In the example below, the dap user is required to use SSL and has ALL PRIVILEGES for all tables in dap.*. Limiting the user to localhost isn't necessary, as encryption on the same server is often not required. Instead, the user's host should be the IP from which encrypted access is required.
Initialize the application database
Create the database and the user.
REQUIRE SSL forces the created user to use SSL.
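The statements below are an added example, not taken from the original page: they create the dap database and user as described above and confirm that the SSL requirement took effect. The host 192.0.2.10, the password and the certificate DN strings are placeholders; the GRANT ... REQUIRE form applies to MySQL 5.5 to 5.7, while MySQL 8.0 sets REQUIRE through CREATE USER or ALTER USER.

```sql
-- Added example. 192.0.2.10 (documentation address), CHANGE_ME and the DN
-- strings are placeholders; substitute the Datameer application server's IP.
-- Valid on MySQL 5.5 - 5.7. On MySQL 8.0 the REQUIRE clause is set with
-- CREATE USER / ALTER USER instead, e.g.:
--   ALTER USER 'dap'@'192.0.2.10' REQUIRE SSL;

CREATE DATABASE IF NOT EXISTS dap;

-- Bind the account to the application server's IP rather than localhost.
CREATE USER 'dap'@'192.0.2.10' IDENTIFIED BY 'CHANGE_ME';

-- Require SSL: password login is allowed, but only over an encrypted connection.
GRANT ALL PRIVILEGES ON dap.* TO 'dap'@'192.0.2.10' REQUIRE SSL;

-- Stricter alternatives (use one of these in place of REQUIRE SSL):
-- Require X509: any valid client certificate signed by the configured CA.
--   GRANT ALL PRIVILEGES ON dap.* TO 'dap'@'192.0.2.10' REQUIRE X509;
-- Require Issuer / Require Subject: the certificate must match both DNs.
--   GRANT ALL PRIVILEGES ON dap.* TO 'dap'@'192.0.2.10'
--     REQUIRE ISSUER  '/C=XX/O=Example/CN=Example CA'
--         AND SUBJECT '/C=XX/O=Example/CN=datameer-client';

-- Verify what the server stored for the account.
SHOW GRANTS FOR 'dap'@'192.0.2.10';

-- ssl_type: '' = no encryption required, ANY = REQUIRE SSL,
--           X509 = REQUIRE X509, SPECIFIED = issuer/subject/cipher set.
SELECT user, host, ssl_type
  FROM mysql.user
 WHERE user = 'dap';

-- Audit: accounts that can still connect without encryption.
SELECT user, host
  FROM mysql.user
 WHERE ssl_type = '';

-- Run inside a session opened from the Datameer application server:
-- a non-empty Value means this connection is encrypted.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
```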
Test the configuration of the MySQL service from the Datameer application server.
Create MySQL tables required by Datameer.
Enabling SSL on Datameer Client
To create an encrypted connection from Java to the MySQL service, you need to have a trusted certificate and make the Datameer service aware of the encrypted connection.
Trust server certificate
The JVM needs to trust the MySQL service's custom certificate.
Add Java truststore to environment
truststore in your Datameer environment to make sure that the JVM is using the correct store. To do so, edit
Modify the connection URL
Make the Datameer service aware that the external MySQL service is using SSL. Edit the connection.url in
persistence.xml and include
Finally, start the Datameer service.