Hi, I too got the same warning when setting up a distributed deployment of APIM 2.1.0. The work around was as follows:
1) If you are running the API Manager nodes and the MySQL DB in the same machine, - Follow the guide[1] to create a new keystore to the server where the nodes are running. (Name the keystore as wso2carbon.jks and use password "wso2carbon" so that you do not need to change any configurations in the APIM) - Then export the public key from of the newly created keystore and then import it to the "client-truststore.jks" file that can be found in "<APIM_HOME>/repository/resources/security" - Replace the "wso2carbon.jks" in the same directory with the newly created "wso2carbon.jks" keystore. 2) If you are running APIM and MySQL in two separate servers, then you will have to follow the above steps for both servers and also import the public key of one server to the client-truststore.jks of the other and vice-versa. For more information on keytool, please follow [2] [1] https://docs.wso2.com/display/ADMIN44x/Creating+New+Keystores#CreatingNewKeystores-Creatingakeystoreusinganewcertificate [2] https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html Hope this helps. Thanks, Viduranga. On Thu, Nov 16, 2017 at 11:31 PM, Maneesha Wijesekara <[email protected]> wrote: > Hi Dushantha, > > In addition to Sashika's suggestion, you can omit this warning by using > ssl while disabling server certificate verification to establish the > connection. > > jdbc:mysql://localhost:3306/carbon_db > *?verifyServerCertificate=false&useSSL=true* > > Regards > Maneesha > > On Thu, Nov 16, 2017 at 10:24 PM, Sashika Wijesinghe <[email protected]> > wrote: > >> Hi Dushantha, >> >> As defined in the warning message, you should be able to get rid of this >> by disabling JDBC trying to connect to DB over SSL by configuring the JDBC >> String as below. >> >> jdbc:mysql://localhost:3306/carbon_db?autoReconnect=true& >> *useSSL=false* >> >> Regards, >> Sashika >> >> On Thu, Nov 16, 2017 at 7:32 PM, Dushantha Batuwita <[email protected]> >> wrote: >> >>> Hi Dev; >>> >>> I'm involved in setting up a cluster in local machine with port offset. >>> For the time being, consider the setup is consisted of APIM 2.1.0 and IS as >>> KM 5.3.0 >>> I have followed the [1] Configuring WSO2 Identity Server as a Key >>> Manager document. >>> >>> I have set up MySQL databases as it has been described in the document >>> (e.g. WSO2UM_DB, WSO2REG_DB, WSO2AM_DB) >>> and configured those in the <PRODUCT_HOME>/repository >>> /conf/datasources/master-datasources.xml >>> >>> Both nodes have been lifted without error. >>> >>> My question is >>> >>> When the APIM starts up a warning is shown as bellow. Please let me know >>> how to avoid the said warning. >>> >>> Establishing SSL connection without server's identity verification is >>> not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ >>> requirements SSL connection must be established by default if explicit >>> option isn't set. For compliance with existing applications not using SSL >>> the verifyServerCertificate property is set to 'false'. You need either to >>> explicitly disable SSL by setting useSSL=false, or set useSSL=true and >>> provide truststore for server certificate verification. >>> >>> many thanks >>> -- >>> *Dushantha Nayanajith Chandima Batuwita* >>> Software Engineer Support | WSO2 >>> [email protected] >>> mobile : 0094777453010 >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> >> *Sashika WijesingheSoftware Engineer - QA Team* >> Mobile : +94 (0) 774537487 >> [email protected] >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Maneesha Wijesekara > Software Engineer - QA Team > WSO2 Inc. > > Email: [email protected] > Linkedin: http://linkedin.com/in/maneeshawijesekara > Mobile: +94712443119 > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Regards, *Viduranga Gunarathne* *Software Engineer Intern* *WSO2* Email : [email protected] Mobile : +94712437484 Web : http://wso2.com [image: https://wso2.com/signature] <https://wso2.com/signature>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
