JDBC input with SSL enabled

Hi,

Earlier I was using logstash jdbc plugin to input mongodb data which was working fine. Now we have made changes to our mongodb and enabled SSL , replicaset with self signed certificate.

I am not sure how can I give my CA information in JDBC input or connection string.

Earlier configuration which was working without ssl is

input {
jdbc {
jdbc_driver_library =>""
jdbc_driver_class => "com.dbschema.MongoJdbcDriver"
jdbc_connection_string => "jdbc:mongodb://username:password@IP:PORT/db_name?authSource=admin"
jdbc_user => ""
jdbc_validate_connection => true
schedule => "* * * * * * UTC"
statement => "db.getCollection('Dbname').find({})"
   }
}

my new connection string looks like this

mongodb://username:password@IP1:PORT1,IP2:PORT2,IP3:PORT3/db_name?authSource=admin&replicaSet=mongodb-replica&ssl=true&sslAllowInvalidCertificates=true

help is really appreciated.

Thanks,
chandra kanth

I resolve this by adding Certificate authority file to keystore. Below are steps that I did.

  1. By changing the mongo-java-driver-3.6.4.jar to mongo-java-driver-3.12.0.jar
  2. By changing mongojdbc1.2.jar to mongojdbc1.7.jar.
  3. copying ca.pem file to path /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/
  4. adding ca.pem to keystore with below command.
    keytool -keystore cacerts -storepass enterkeystorepassword -noprompt -trustcacerts -importcert -alias testdbcert -file ca.pem
  5. changing the connection string in logstash input to
 mongodb://username:password@IP1:PORT1,IP2:PORT2,IP3:PORT3/db_name?authSource=admin&replicaSet=mongodb-replica&ssl=true&sslInvalidHostNameAllowed=true

Hope this will be helpful to someone else.

1 Like