12 Replies Latest reply on Apr 10, 2018 4:40 PM by Jacob Sherman

    SSL connection to MySQL

    Dhiren Bhatia

      Hi,

       

      I have a MySQL DB that only allows SSL connections. How do I configure Tableau and (or) the MySQL ODBC Connector to use SSL while making DB connections?

       

      Thanks!

        • 1. Re: SSL connection to MySQL
          Alexander Bovee

          I had this problem as well as the MySQL connector with tableau doesn't support SSL out of the box.  What I've found is that if you download the MySQL 5.1 ODBC connector and install it on your machine, you can support SSL directly from it.  To do so, just select ODBC connection when creating your connection, select MySQL 5.1 from the driver list, then configure your SSL in the SSL tab.  So far this has worked well for me although I'm having a hard time getting the Tableau Server to remember my stored password for the extract.

          • 2. Re: SSL connection to MySQL
            Kristin Lundin

            I had a similar problem. I used the workaround above and also saw the issue with the password not storing. In addition I found that if I tried to work with a date field the direct connection didn't work correctly. I had to use an extract and then it was ok.

             

            Would love to see native Tableau MySQL driver that supported SSL!

            • 3. Re: SSL connection to MySQL
              Robert Morton

              Hi Dhiren,

               

              You can use an experimental technique which is not officially supported but may enable you to get the desired behavior. Note that this technique will apply to all connections using the first-class MySQL connector, which may cause problems if you connect to servers which don't all support SSL. The last caveat I'll point out is that this requires a manual step which you must perform on each machine (including Tableau Server, if applicable).

               

              The technique uses a .TDC file placed in a global location on your machine. The TDC file will append additional connection string arguments to the connection created by Tableau to MySQL. I've attached two different variants of this TDC file that you will need to modify to either include your SSL parameters in plaintext (as with mysql-ssl-plaintext.tdc) or via files on your file system ('mysql-ssl-file.tdc'). After making your changes to your copy of the TDC file, place the file under 'My Tableau Repository\Datasources' in your user Documents folder (beta users must also have a copy under 'My Tableau Repository (Beta)\Datasources'). For Tableau Server, the TDC file must be placed under the Server 'bin' directory. For both Desktop and Server, you must relaunch / restart the product to pick up the changes.

               

              From this point on you should see in the Tableau logs that the MySQL connections are using the additional connection string parameters you've specified.

               

              Last, I don't recommend using an unsupported driver or using the generic ODBC connection in place of a first-class connection. While that may be necessary in extreme cases, I suggest that if this TDC approach works that you go back to relying on the first-class MySQL connector and the officially supported driver version.

               

              I hope this helps.

              Robert

              • 4. Re: SSL connection to MySQL
                Sean Lazar

                Robert Morton,

                I was able to get the mysql-ssl-file.tdc example working with my private CA Root Cert. When I publish a workbook to the server, I have to put the CA Root Cert in the same location that is specified on the client. This is when I don't publish the data connection.

                 

                I'm a little confused about mysql-ssl-plaintext.tdc. Does this allow you to embed the SSL certificate directly in the .tdc file? Can you give an example of how it should look with a key in it?

                • 5. Re: SSL connection to MySQL
                  Robert Morton

                  Hi Sean,

                   

                  According to the MySQL ODBC documentation, there is no way to define the SSL certificate directly in the connection string. This means that there is no way to embed the SSL certificate directly into the TDC file. See this for more information:  http://dev.mysql.com/doc/refman/5.5/en/connector-odbc-configuration-connection-parameters.html

                   

                  -Robert

                  • 6. Re: SSL connection to MySQL
                    Kristin Lundin

                    Hi - The TDC file seemed to work very well for me so far on my desktop setup. Have not yet experimented with how this works on the Tableau Server yet.

                    Thank you!

                    -Kris

                    • 7. Re: SSL connection to MySQL
                      Ben Sullins

                      Thanks Robert, I'm trying this w/ 8.1 64bit and having some issues. Any add'l support or guidance on this topic you can provide?

                      • 8. Re: SSL connection to MySQL
                        Robert Morton

                        Hi Ben,

                        Make sure you have the 32-bit driver installed. If you're still having problems, drop me a line with your logs (but don't post them on the forums).

                        -Robert

                        • 9. Re: SSL connection to MySQL
                          Kristin Lundin

                          Any luck getting 8.1 64 bit to use this workaround? We just tried it on Tableau Server and we're also having some issues.

                          Is it possible that the TDC file needs to be in a different folder on 8.1?

                          • 10. Re: SSL connection to MySQL
                            Ben Sullins

                            Hi Kristin,

                             

                            Yes, I was able to get it to work using the method Robert mentioned. I had one change and that was to remove everything from the .tdc file except the SSLCA parameter. Like so:

                             

                            <?xml version='1.0' encoding='utf-8' ?>

                            <connection-customization class='mysql' version='7.7' enabled='true'>

                              <vendor name='mysql' />

                              <driver name='mysql' />

                              <customizations>

                                <customization name='odbc-connect-string-extras' value='SSLCA={C:\ssl\mysql-ssl-ca-cert.pem}' />

                              </customizations>

                            </connection-customization>

                            • 11. Re: SSL connection to MySQL
                              Robert Morton

                              Hi Kristin,

                              It may be the case that your existing TDC file for Tableau Server was located in the 'bin' directory of your prior installation. If so, please copy it to the 'bin' directory of your Tableau Server 8.1 installation, and restart Server to pick up the changes.

                              I hope this helps,

                              Robert

                              • 12. Re: SSL connection to MySQL
                                Jacob Sherman

                                This is an old topic, but we continue to see customers referencing this thread, so I thought I'd add a little update here. The ability to require SSL and specify an SSL certificate was added to Tableau Desktop in version 9.0. In the MySQL connection dialog, notice the checkbox in the bottom-left that says "Require SSL". Once you check that box, text will appear underneath saying something along the lines of "No custom configuration file specified (click to change)..."

                                 

                                Clicking that line of text will bring up another dialog box that will allow you to specify the location of the public SSL certificate you would like Tableau to use when verifying the identity of the MySQL server. Straightforward implementations of SSL should no longer require a TDC or the Other ODBC connector to connect securely to MySQL databases.