I have Netxms 3.8 installed on Debian 10. On a separate machine, I have MariaDB 10.5 installed on Debian 10. (I used DEBs from MariaDB repo) I'd like to force TLS between NetXMS Server & MariaDB Server. I have MariaDB setup with SSL enabled:
and created the database and user:
Here is my NetXMS configuration:
But I can't seem to get a connection working. NXDBMGR INIT tells me Access denied, probably because it's not presenting the X509 cert & key to MariaDB. Where do I drop my user cert & key in NetXMS, and how do I configure mariadb driver to use X509?
Code Select
MariaDB [(none)]> show global variables like '%ssl%';
+---------------------+--------------------------------+
| Variable_name | Value |
+---------------------+--------------------------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /etc/mysql/ssl/ca.pem |
| ssl_capath | |
| ssl_cert | /etc/mysql/ssl/server-cert.pem |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | /etc/mysql/ssl/server-key.pem |
| version_ssl_library | OpenSSL 1.1.1d 10 Sep 2019 |
+---------------------+--------------------------------+
and created the database and user:
Code Select
MariaDB [(none)]> show grants for [email protected];
+---------------------------------------------------------------------+
| Grants for [email protected] |
+---------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `netxms`@`netxms.mgmt.lan` REQUIRE X509 |
| GRANT ALL PRIVILEGES ON `db_netxms`.* TO `netxms`@`netxms.mgmt.lan` |
+---------------------------------------------------------------------+
Here is my NetXMS configuration:
Code Select
## Logging
# Log file name
LogFile=/var/log/netxmsd
# Increase logging verbosity, 0 (only errors) to 9 (verbose debug)
DebugLevel=0
## Database configuration.
DBDriver=mariadb.ddr
DBServer=mariadb.mgmt.lan
DBName=db_netxms
DBLogin=netxms
DBPassword=
But I can't seem to get a connection working. NXDBMGR INIT tells me Access denied, probably because it's not presenting the X509 cert & key to MariaDB. Where do I drop my user cert & key in NetXMS, and how do I configure mariadb driver to use X509?