AppDynamics Documentation 4.5.x Database Visibility Administer the Database Agent Configure the Database Agent Enable SSL and SSH for Database Agent Communications Current: Monitor SSL-enabled MySQL on Amazon RDS PDF Download PDF Download page Monitor SSL-enabled MySQL on Amazon RDS. Current page All pages Monitor SSL-enabled MySQL on Amazon RDS To monitor a MySQL instance that uses SSL connections, enable MySQL in SSL mode, consulting the online documentation appropriate to your deployment. Download the files shown below as they are required to complete this procedure:ca.pemserver-cert.pemserver-key.pemclient-cert.pemclient-cert.keyRun the following commands at the command line. Substitute URLs and other information from your deployment for the placeholders in the examples.Test your local SSL connection mysql -h ec2-11-111-111-11.us-west-2.compute.amazonaws.com -u Testssl --ssl-ca=/etc/certs/ca.pem --ssl-cert=/etc/certs/server-cert.pem --ssl-key=/etc/certs/server-key.pem -p BASH Verify the remote connection mysql -h ec2-11-111-111-11.us-west-2.compute.amazonaws.com -u Testssl --ssl-ca=/home/appdynamics/cert/ca.pem --ssl-cert=/home/appdynamics/cert/client-cert.pem --ssl-key=/home/appdynamics/cert/client-key.pem -p BASH Import the ca.pem file to the default truststore sudo keytool -importcert -alias MySQLCACert -file ca.pem -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit BASH Do not forget the password, as you need it in step 7Convert the client key and certificate files to a PKCS #12 archive openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -name "mysqlclient" -passout pass:changeit -out client-keystore.p12 BASH Import the client key and certificate into a Java keystore sudo keytool -importkeystore -srckeystore client-keystore.p12 -srcstoretype pkcs12 -srcstorepass changeit -destkeystore $JAVA_HOME/jre/lib/security/cacerts -deststoretype JKS -deststorepass changeit BASH Verify that the certificate was added keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass mypassword BASH Start the db-agent after ensuring that the following properties are added /<full path to application JRE>/bin/java -jar -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStore=$JAVA_HOME/jre/lib/security/cacerts -Djavax.net.ssl.keyStorePassword=changeit db-agent.jar BASH In the Controller, create a new collector for MySQLIn the Configuration screen, add the connection property with Property Name "useSSL" and Property Value "true" Alternatively, you can also use the following custom connection string:jdbc:mysql://<RDS-Hostname>:<RDS-Port>/database?useSSL=true ×
