EventSentry Best Practices

 

First, install OpenSSL from http://slproweb.com/products/Win32OpenSSL.html in order to create the required certificates.

 

Open the command prompt as an administrator (Run as administrator) and navigate to the OpenSSL directory (c:\OpenSSL-Win32 by default):

 

1.  Set the environment variable for OPENSSL_CONF:

 

         set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg

 

2.  Generate a CA certificate:

 

         openssl genrsa 2048 > ca-key.pem

         openssl req -sha1 -new -x509 -nodes -days 3650 -key ca-key.pem -out ca-cert.pem

 

3.  Generate a server certificate:

         

         openssl req -sha1 -newkey rsa:2048 -days 3650 -nodes -keyout server-key.pem -out server-req.pem

         openssl x509 -sha1 -req -in server-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

         openssl rsa -in server-key.pem -out server-key.pem

 

4.  Generate a client certificate:

 

         openssl req -sha1 -newkey rsa:2048 -days 3650 -nodes -keyout client-key.pem -out client-req.pem

         openssl x509 -sha1 -req -in client-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem

         openssl rsa -in server-key.pem -out server-key.pem

         

5.  Create a subfolder in the main MYSQL directory named "MySQL-SSL" and transfer the files there.

 

6.  Update my.ini and add the following lines

 

         [client]

         ssl-ca=C:\Program Files\MySQL\MySQL-SSL\ca-cert.pem

         ssl-cert=C:\Program Files\MySQL\MySQL-SSL\client-cert.pem

         ssl-key=C:\Program Files\MySQL\MySQL-SSL\client-key.pem

 

         [mysqld]

         ssl-ca=C:\Program Files\MySQL\MySQL-SSL\ca-cert.pem

         ssl-cert=C:\Program Files\MySQL\MySQL-SSL\server-cert.pem

         ssl-key=C:\Program Files\MySQL\MySQL-SSL\server-key.pem

 

7.  Restart the MySQL server.

 

8.  Transfer the generated files to your EventSentry server

 

9.  From within EventSentry Management Console click the "Actions" tab and select or add "Database"

 

10.  On the right panel click "Manage ODBC ..."

 

 

 

 

11. Click "System DSN" and "Add..."        

 

12. Select "MySQL ODBC 5.1 Driver" from the list and click "Finish"

 

 

 

 

13. Insert your information into the prompt and click "Details > >"

 

 

 

 

14. Click the SSL tab and setup the following fields:

 

         SSL Key: This is the client-key.pem file

         SSL Certificate: This is the client-cert.pem file

         SSL Certificate Authority: This is the ca-cert.pem file

         SSL CA Path: This path is where the previous three files reside.

 

 

 

 

15. Deploying the client certificate files

 

         The three client certificate files need to be deployed to all agents transmit data encrypted to the MySQL server. The files can be deployed manually, using an existing 3rd party solution, or using the free AutoAdministrator tool ("File Management" feature) from NETIKUS.NET.

 

16. Click "Test" and you should have a successful connection using SSL.