Hello!
I’m currently setting up a Rancher instance in our organisation.
I’m attempting to connect the Rancher Server to AWS RDS via SSL using this JDBC string:
jdbc:mysql://<DB_HOST>:<DB_PORT>/<DB_NAME>?useUnicode=true&characterEncoding=UTF-8&characterSetResults=UTF-8&prepStmtCacheSize=517&cachePrepStmts=true&prepStmtCacheSqlLimit=4096&socketTimeout=60000&connectTimeout=60000&sslServerCert=/var/lib/rancher/etc/ssl/ca.crt&useSSL=true
The issue I run into over and over again is:
10:27:52.186 [main] ERROR i.c.p.a.sources.LazyJDBCSource - Failed to get connection to database, will retry for 5 minutes
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Could not connect to AWSHOST.rds.amazonaws.com:3306: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
I’ve generated a custom Dockerfile to run:
keytool -trustcacerts -importcert -file aws.crt -keystore /usr/lib/jvm/zulu-8-amd64/jre/lib/security/cacerts -noprompt -storepass changeit
Which imports the AWS CA certificate into the JVM keystore.
Has anyone else run into this issue?
Thanks!