Problem description

Set up Talend Administration Center and SSL enabled on AWS RDS MySQL to transmit their data over SSL on a network from the DB Config page of Talend Administration Center.

Root cause

Talend Administration Center and AWS RDS MySQL are not securely transmitting their data over the network by default.

Solution

Add the JDBC URL with additional parameters to access the MySQL server that was SSL encrypted.

jdbc:mysql://<Endpoint>:3306/<DB_Name>?verifyServerCertificate=true&useSSL=true&requireSSL=true&trustCertificateKeyStoreUrl=file:///<Path_to_keystore>&trustCertificateKeyStorePassword=password

The command to generate keystore using the AWS bundled certificate using Java keytool is as follows:

keytool -import -alias <alias_name> -file rds-combined-ca-bundle.pem -keystore <name_of_keystore>

Example:

keytool -import -alias rdsmysql -file rds-combined-ca-bundle.pem -keystore rdskeystore

Note: This works on 7.2.1 only when you apply the TPS-3375 patch. Contact Talend Support to request the patch.

Tips: If you're still experiencing issues, add Djavax.net.debug=SSL in the setenv.sh file, to find out which certs are used by the configuration and to avoid the conflicts.