Restore SSL Encryption for MySQL

SSL encryption for MySQL must be disabled to upgrade the RiskVision Server. After upgrading the RiskVision Server components, restore the SSL encryption for MySQL.

To restore SSL encryption:

  1. Go to the %AGILIANCE_HOME%\MySQL\config directory. Open the my.ini file using a text editor. The upgrade process will overwrite the old my.ini file. Once the backup for the RiskVision configuration is complete, changes must be completely backed up. For more information, see Backing up the RiskVision Configuration. Locate the Client and Server Sections in the my.ini file and uncomment the lines shown in the sections below.
  • Client section

#ssl-ca="~/ca-cert.pem"
#ssl-cert="~/client-cert.pem"
#ssl-key="~/client-key.pem"
#ssl-cipher=DHE-RSA-AES256-SHA

  • Server section

#ssl-ca="~/ca-cert.pem"
#ssl-cert="~/server-cert.pem"
#ssl-key="~/server-key.pem"
#ssl-cipher=DHE-RSA-AES256-SHA
Where "~" denotes certificate's directory

  1. Go to the backup folder location where the old my.ini file resides. Open the file using a text editor. Look for the custom settings that you made before upgrading the RiskVision Server. For example, you might have set the MySQL database port other than 3306. Carefully incorporate all such settings from the old my.ini file into the new my.ini file.

Apply the custom setting to the new my.ini file by manually editing the new my.ini file. Do not overwrite the new my.ini file with the old my.ini file.

  1. Go to the %AGILIANCE_HOME%\config directory, open the agiliance.properties file using a text editor, and perform the following changes:
    • Set the property to: database.mysql.url=jdbc:mysql://<Database_Hostname>:<port_number>/?verifyServerCertificate=true&useSSL=true&requireSSL=true 

      By default, the MySQL database port number is 3306.
    • Uncomment the property: #database.mysql.useSSL=true
  2. Connect to the MySQL database and run the following commands to enable the SSL encryption:
    mysql > GRANT USAGE ON .* TO 'agliance'@'<DB hostname>' REQUIRE SSL;
    mysql > GRANT USAGE ON .* TO 'reportuser'@'<DB hostname>' REQUIRE SSL;
    mysql > FLUSH PRIVILEGES;
  3. Restart the RiskVision Tomcat and RiskVision MySQL services to apply the latest changes.

Related Articles

New Articles