Announcement

Collapse
No announcement yet.

Connecting to remote DB ("mirthdb") using SSL

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Connecting to remote DB ("mirthdb") using SSL

    Solved! For posterity, the following is how I set this up (MySQL), perhaps it will be helpful to someone in the future...

    1. Set database username and password in mirth.properties
    2. Set `database = mysql` and `database.url = jdbc:mysql://<server>:<port>/mirthdb?useSSl=true&requireSSL=true`
    3. Added the following to `mcserver.vmoptions` (imported CA cert to truststore and client key & cert to keystore https://dev.mysql.com/doc/connector-...ing-ssl.html):
    -Djavax.net.ssl.trustStore=<path to truststore>
    -Djavax.net.ssl.trustStorePassword=<password>
    -Djavax.net.ssl.keyStore=<path to keystore>
    -Djavax.net.ssl.keyStorePassword=<password>

    Original question:

    I'm wondering if it's possible to put "mirthdb" on a remote server, and have this connection use SSL.

    I'm trying to do this because it might be convenient to have in the same DB as some of our other schemas, and we already have this DB setup, but I'm wondering if this is practical or even possible.

    1. Is there support for connecting to mirthdb using SSL? It looks like there's nothing related to this in `mirth.properties`.

    2. Can a database writer connect using SSL?

    3. (Obviously this is dependent on activity, server locations, etc.) Anecdotally, would having the DB on a different server greatly affect performance? If I'm able to do this I'll end up testing anyways, but other insights are always useful.

    Thanks!
    Last edited by LAM; 03-01-2018, 11:16 AM.

  • #2
    I think that depends on the type of database you are using, how you have it set up, and whether the JDBC driver for it uses SSL.

    Alternatively, you could probably set up a stunnel connection and communicate over that.

    Comment


    • #3
      Alternate solution

      I followed this solution but later ran into issues when attempting to install plugins. Support helped to lead me to what I believe is a better solution to this. Rather than edit your mcservice.vmoptions you can edit the jdbc string in your mirth.properties to pass the certs needed. In my example I'm using PKCS12 keys but you can pass jks also this way.

      jdbc:mysql://127.0.0.1:3306/mirthdb?useSSl=true&requireSSL=true&clientCertific ateKeyStoreUrl=file://path/to/keystore&clientCertificateKeyStorePassword=PASSWOR D&clientCertificateKeyStoreType=PKCS12&trustCertif icateKeyStoreUrl=/path/to/truststore&trustCertificateKeyStorePassword=PASSWO RD&trustCertificateKeyStoreType=PKCS12

      Hopefully is useful to someone.

      Comment

      Working...
      X