Configuration of SSL connection to Database


#1

Hello,

we installed the Mattermost Enterprise Edition and currently face a problem with the configuration of a secure database connection.

We want to use the MySQL-Server within our intranet as database for Mattermost and the database connection has to be encrypted with SSL/TLS. Our current SqlSettings look like this:

"DriverName": "mysql",
"DataSource": "database_user:password@tcp(mysql.server:3306)/database_name?charset=utf8&timeout=90s&tls=true"

Do you have any advice on how to configure the details for the database connection over SSL/TLS?

We tried the tls=custom url parameter in the DataSource string but couldn’t find a way to set the required TLSConfig object using the config files. With tls=true we get the following error:

Failed to ping db err:tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config

Using the tls=skip-verify option works to establish a connection, but doesn’t meet our security requirements.

We would be grateful for a good hint.


#2

I have done things like this with SSH tunnels. That’s very reliable and as secure as TLS.


#3

Thanks for your reply.
You’re right, but this solution isn’t wanted by our administration.
Is there a native way using the mattermost server config?


#4

I’m not aware of a way to put SSL on a MySQL connection. But I may be wrong.


#5

Well, we configured our MySQL server to only accept an SSL encrypted mysql connection for the database/user combination on which the mattermost server depends.

As I said, by using tls=skip-verify the connection is established, but mattermost doesn’t verify the certificate.

So we search for a way to tell mattermost which root certificate to use, so the mysql server certificate can be verified.
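
Added example (not part of the thread, and not Mattermost or driver code): using only Go's standard library, it reproduces the error quoted in post #1 and contrasts skip-verify with the verified connection post #5 asks for, where the tls.Config carries both a root pool and a ServerName. The throwaway certificates, the in-memory handshake and the helper names selfSigned and handshake are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned returns a throwaway certificate for host and a pool that trusts it.
// Constructed test data; errors are ignored because the inputs are fixed.
func selfSigned(host string) (tls.Certificate, *x509.CertPool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// handshake runs one in-memory TLS handshake against a server presenting the
// given certificate and returns the client's verdict (nil means accepted).
func handshake(server tls.Certificate, client *tls.Config) error {
	c, s := net.Pipe()
	defer c.Close()
	srv := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{server}})
	go func() { srv.Handshake(); s.Close() }()
	return tls.Client(c, client).Handshake()
}

func main() {
	genuine, ca := selfSigned("mysql.server")
	untrusted, _ := selfSigned("mysql.server") // same name, but not in ca
	verify := &tls.Config{RootCAs: ca, ServerName: "mysql.server"}
	fmt.Println("no ServerName:", handshake(genuine, &tls.Config{RootCAs: ca}))
	fmt.Println("skip-verify:  ", handshake(untrusted, &tls.Config{InsecureSkipVerify: true}))
	fmt.Println("verified:     ", handshake(genuine, verify), "/", handshake(untrusted, verify))
}
```

Only the last configuration rejects the certificate that the trusted root did not issue; skip-verify accepts it without complaint.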


#6

Answer from Mattermost Support:


#7

Hi,
How to set up MySQL DB for Mattermost on Windows?
Thanks