Configuring MemSQL Ops for Secure Connections
As of version 4.
To enable SSL you need a private key and a certificate for MemSQL Ops, issued by a trusted Certificate Authority.key. and the certificate in cert..
Connect to MemSQL Ops primary agent, then follow the steps below.
-
Make sure to have your private key
key.and certificatepem cert..pem If you don’t have a key or certificate, you can generate a fresh RSA key and a self-signed certificate (replace location, organization name, and OPS_with the primary agent IP address or hostname, e.IP_ ADDRESS g. if you connect to Ops via http://192., then replace168. 0. 1:9000 OPS_withIP_ ADDRESS 192.):168. 0. 1 openssl req -x509 -newkey rsa:2048 -sha256 -keyout key.pem -out cert.pem \-nodes -subj "/C=US/ST=CA/L=San Francisco/O=My Org/CN=OPS_IP_ADDRESS" -
Install the key and certificate in MemSQL Ops
user-shell sudo memsql-ops ssl-set-cert -k key.pem -c cert. pem -
Restart MemSQL Ops
user-shell sudo memsql-ops restart [--ssl-port 9001]Make sure the SSL port (default 9001) is open and reachable on your primary agent host.
-
Reload the web page in the browser.
Note that, if you have generated a self-signed certificate as above, your browser won’t trust this certificate and will refuse to connect to MemSQL Ops.
You may want to ignore the error message or add the self-signed certificate to the browser’s trusted sources. Depending on the browser and operating system, the procedure is slightly different. If not familiar, SingleStore recommends searching the web with keywords add self signed certificate.Note
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit.
(http://www. openssl. org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft. com).
Last modified: October 31, 2023