
Set up MariaDB in Certificate Manager

This article is valid for Certificate Manager 8.2 and later.

This article describes how to install and set up the MariaDB database used in Smart ID Certificate Manager (CM).

For detailed information about how to install MariaDB, see the documentation available at https://mariadb.org/.

Prerequisites
  1. Install the MariaDB database according to the instructions for the downloaded MariaDB installation package.
  2. Extract the MariaDB database scripts create_db_and_role.sql and create_cmdb.sql, located at program_files/install/MariaDB, from the server installation zip file, cm_server_<version>.zip.

Step-by-step instruction

Do settings on the MariaDB server
  1. Change the password for the lcmreq user, which will be created by the script below. The default password is REQreq01.
  2. Change the user host setting in the script to define which host address the user will access the database from. The default value is '%', which means that the user may access the database from any host.
  3. To enter interactive mode, log in as superuser:

    mysql --user=root --password
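  4. From the interactive session, run the script that creates the CMDB database, the lcmreq user and the cmdb_rw_role role. The mysql client does not support shell-style output redirection after source, so use its tee command to write the session output to the log file:

    tee create_cmdb.log
    source create_db_and_role.sql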
  5. Check the log file.
  6. Run the script for creating the CMDB tables. The tee command appends, so the output is added to the same log file:

    tee create_cmdb.log
    source create_cmdb.sql
  7. Check the log file.

Do settings on the CM server

Secure the connection

TLS is disabled by default in the MariaDB server and it is advised to use TLS for the JDBC connection to the database server.

  1. Configure CM to connect to MariaDB using certificate authentication for both server and client certificates. A complete guide on how to enable TLS on the MariaDB server can be found here: https://mariadb.com/kb/en/securing-connections-for-client-and-server/.
  2. After completing the guide, add JDBC parameters to the cm.conf file to enable a secure connection between CM and the database.
    1. Modify the JDBC connection URL to force the driver to use TLS. More details regarding TLS with the MariaDB JDBC driver can be found here: https://mariadb.com/kb/en/using-tls-ssl-with-mariadb-java-connector/. To force the JDBC driver to use TLS, set the JDBC property useSSL to true, as in this example:

      Database.name = jdbc:<mysql|mariadb>://<host>:<port>/<database>?<other_properties>&useSSL=true
    2. Configure a trust store by specifying a path to a trust store file that contains both root and intermediate certificates. Add the following parameters:

      Database.security.1 = trustStore = <path_to_jks_or_p12_keystore_file>
      Database.security.2 = trustStorePassword = <keystore_password>
      ;If a PEM certificate is used as truststore
      Database.security.1 = serverSslCert = <path_to_pem_file>
    3. If client authentication is enabled or required on the MySQL server, specify a path to a key store file. To specify a client TLS certificate and key, add the following parameters:

      Database.security.3 = keyStore = <path_to_jks_or_p12_keystore_file>
      Database.security.4 = keyStorePassword = <keystore_password>

      If client authentication is enabled, the database password can be removed (or commented out) from cm.conf. However, the username still needs to be present.
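
A small check for the cm.conf settings described above, written as an added example (it is not part of Certificate Manager or of the original article). It assumes cm.conf uses the key = value and ';' comment syntax shown in the snippets above; the function names and the sample file contents are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed sample, not from a real installation: the PEM alternative was
# pasted in without removing the JKS line or filling in its placeholder.
SAMPLE_CM_CONF = """\
Database.name = jdbc:mariadb://db.example.internal:3306/cmdb?useSSL=true
Database.security.1 = trustStore = /opt/cm/tls/truststore.p12
Database.security.2 = trustStorePassword = example-only
;If a PEM certificate is used as truststore
Database.security.1 = serverSslCert = <path_to_pem_file>
"""

def parse_conf(text):
    """Return (key, value) pairs, skipping blank lines and ';' comments."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(";") and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def check_db_tls(text):
    """Return findings about the Database.* TLS settings described above."""
    findings, seen, params, url = [], set(), {}, ""
    for key, value in parse_conf(text):
        if key == "Database.name":
            url = value
        elif key.startswith("Database.security."):
            if key in seen:
                findings.append(f"{key} is defined more than once")
            seen.add(key)
            name, _, setting = value.partition("=")
            params[name.strip()] = setting.strip()
    # JDBC properties follow the '?' in the connection URL.
    query = parse_qs(url.partition("?")[2])
    if [v.lower() for v in query.get("useSSL", [])] != ["true"]:
        findings.append("Database.name does not set useSSL=true")
    if not {"trustStore", "serverSslCert"} & params.keys():
        findings.append("no trustStore or serverSslCert is configured")
    for name, setting in params.items():
        if re.fullmatch(r"<[^<>]*>", setting):
            findings.append(f"{name} still holds the placeholder {setting}")
    return findings

if __name__ == "__main__":
    for finding in check_db_tls(SAMPLE_CM_CONF):
        print("FINDING:", finding)
```

An empty result means the URL forces TLS, a trust anchor is named, no Database.security index is reused and no template placeholder is left in place.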
