Please enable JavaScript to view this site.

warning_32

Encrypting traffic between the database and the agents is generally not necessary when utilizing the collector service, introduced in EventSentry v3.2.

 

First, install OpenSSL from http://slproweb.com/products/Win32OpenSSL.html in order to create the required certificates.

 

Open the command prompt as an administrator (Run as administrator) and navigate to the OpenSSL directory (c:\OpenSSL-Win32 by default):

 

1.  Set the environment variable for OPENSSL_CONF:

 

         set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg

 

2.  Generate a CA certificate:

 

         openssl genrsa 2048 > ca-key.pem

         openssl req -sha1 -new -x509 -nodes -days 3650 -key ca-key.pem -out ca-cert.pem

 

3.  Generate a server certificate:

         

         openssl req -sha1 -newkey rsa:2048 -days 3650 -nodes -keyout server-key.pem -out server-req.pem

         openssl x509 -sha1 -req -in server-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

         openssl rsa -in server-key.pem -out server-key.pem

 

4.  Generate a client certificate:

 

         openssl req -sha1 -newkey rsa:2048 -days 3650 -nodes -keyout client-key.pem -out client-req.pem

         openssl x509 -sha1 -req -in client-req.pem -days 3650 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem

         openssl rsa -in server-key.pem -out server-key.pem

         

5.  Create a subfolder in the main MYSQL directory named "MySQL-SSL" and transfer the files there.

 

6.  Update my.ini and add the following lines

 

         [client]

         ssl-ca=C:\Program Files\MySQL\MySQL-SSL\ca-cert.pem

         ssl-cert=C:\Program Files\MySQL\MySQL-SSL\client-cert.pem

         ssl-key=C:\Program Files\MySQL\MySQL-SSL\client-key.pem

 

         [mysqld]

         ssl-ca=C:\Program Files\MySQL\MySQL-SSL\ca-cert.pem

         ssl-cert=C:\Program Files\MySQL\MySQL-SSL\server-cert.pem

         ssl-key=C:\Program Files\MySQL\MySQL-SSL\server-key.pem

 

7.  Restart the MySQL server.

 

8.  Transfer the generated files to your EventSentry server

 

9.  From within EventSentry Management Console click the "Actions" tab and select or add "Database"

 

10.  On the right panel click "Manage ODBC ..."

 

 ManageODBC

 

 

11. Click "System DSN" and "Add..."        

 

12. Select "MySQL ODBC 5.1 Driver" from the list and click "Finish"

 

 MySQLDriver

 

 

13. Insert your information into the prompt and click "Details > >"

 

 MySQLConnector

 

 

14. Click the SSL tab and setup the following fields:

 

         SSL Key: This is the client-key.pem file

         SSL Certificate: This is the client-cert.pem file

         SSL Certificate Authority: This is the ca-cert.pem file

         SSL CA Path: This path is where the previous three files reside.

 

 MySQLDetails

 

 

15. Deploying the client certificate files

 

         The three client certificate files need to be deployed to all agents transmit data encrypted to the MySQL server. The files can be deployed manually, using an existing 3rd party solution, or using the free AutoAdministrator tool ("File Management" feature) from NETIKUS.NET.

 

16. Click "Test" and you should have a successful connection using SSL.