How to add ssl certificate for MySQL connection for metricbeat

Where can i add the SSL certificate to connect to MySQL server when i configure the MySQL module file (mysql.yaml)?

Sorry if this is something obvious but i can't find it anywhere.

https://www.elastic.co/guide/en/beats/metricbeat/current/configuration-ssl.html

Here it says that there is an example to use a module with SSL but the ssl.verification mode is set to none and there is no place to specify where the SSL certificate is located.

https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-module-mysql.html

Even in the MySQL module there is no mention of applying an SSL certificate to the configuration file

Hi @Aurel_Drejta - Can you add the tls parameter in your host DSN and check if that works?

Hi @ropc

It seems that got me closer to a solution but i have a tiny hiccup now.

I'm trying to connect to a MySQL instance hosted in AWS RDS and when i try to connect to it the metricbeat logs display "x509: certificate signed by unknown authority"

Any idea how i can add the AWS RDS certificate in order to use a tls connection?
The RDS certificates are public and i have them downloaded from their website.

Or do i have to do something else?

I'll try to do this in an EC2 instance to see if maybe the instance will trust the authority.

@Aurel_Drejta - I do not think there is any option right now in the MySQL module or Metricbeat to specify a list of trusted certificates to connect to the database. If you use the tls=true option, what you could do is to:

That should do the trick (I tested it in my lab).

@ropc - Yep that did the trick. Thank for the help, i very much appreciate it.

I think the MySQL module for Metricbeat should add an option to specify the certificate you can use to connect.
( Just an idea for future improvements )

1 Like

@Aurel_Drejta I opened a Github issue in the beats repository. You can subscribe to it for further updates. Thanks again for your collaboration and I am glad we solved your problem :slightly_smiling_face:

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.