HOWTO: Use TLS with an External MySQL DB from CloudBolt

  1. On your MySQL server, edit /etc/my.cnf to make sure SSL is set up:

    require_secure_transport = on
    ssl-ca=/var/lib/mysql/ca.pem
    ssl-cert=/var/lib/mysql/server-cert.pem
    ssl-key=/var/lib/mysql/server-key.pem
  2. Restart the MySQL service on your MySQL Server.

  3. Unless you've generated your own server CA, key, and certificate, copy the following files from the /var/lib/mysql/ directory to /var/opt/cloudbolt/proserv/db/ on your CloudBolt server.

    • /var/lib/mysql/server-cert.pem
    • /var/lib/mysql/server-key.pem
    • /var/lib/mysql/ca.pem
  4. Edit the database connection info in /opt/cloudbolt/settings_local.py so the ssl options refer to the files copied in the previous step:

    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.mysql',
            'NAME': 'cloudbolt',
            'USER': 'your_db_username',
            'PASSWORD': 'your_db_password',
            'HOST': 'your_db_host',
            'PORT': 'your_db_port',
            'OPTIONS': {
                'ssl': {
                    'ca': '/var/opt/cloudbolt/proserv/db/ca.pem',
                    'cert': '/var/opt/cloudbolt/proserv/db/server-cert.pem',
                    'key': '/var/opt/cloudbolt/proserv/db/server-key.pem',
                }
            }
        }
    }

  5. If necessary, add the key-value pair 'verify-server-cert': 'yes' to the above options (after/under 'key') to enable SSL server name authentication.

  6. Restart httpd on your CloudBolt server.
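
A check that can be run on the CloudBolt server against the files copied in step 3 and referenced in step 4, as an added example that is not CloudBolt's own code. The function name audit_db_tls is hypothetical; it takes a dict shaped like DATABASES and reports missing files, a private key accessible to group or other users, and a certificate/key pair that does not load together.

```python
import os
import ssl
import stat

REQUIRED = ("ca", "cert", "key")


def audit_db_tls(databases, alias="default"):
    """Return a list of findings for the 'ssl' options of one DATABASES entry."""
    ssl_opts = databases.get(alias, {}).get("OPTIONS", {}).get("ssl")
    if not isinstance(ssl_opts, dict):
        return ["no 'ssl' dict under OPTIONS: TLS is not configured"]
    findings = []
    for name in REQUIRED:
        path = ssl_opts.get(name)
        if not path:
            findings.append(f"{name}: option missing")
        elif not os.path.isfile(path):
            findings.append(f"{name}: file not found: {path}")
    if findings:
        return findings  # nothing further can be checked without all three files
    # The private key copied in step 3 should not be accessible to group/other.
    mode = stat.S_IMODE(os.stat(ssl_opts["key"]).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"key: mode {mode:04o} grants access to group/other")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:  # ssl.SSLError is a subclass of OSError
        ctx.load_verify_locations(cafile=ssl_opts["ca"])
    except OSError as exc:
        findings.append(f"ca: cannot be loaded as PEM certificates ({exc})")
    try:  # fails if either file is unparsable or the key does not match the cert
        ctx.load_cert_chain(certfile=ssl_opts["cert"], keyfile=ssl_opts["key"])
    except OSError as exc:
        findings.append(f"cert/key: not a matching PEM pair ({exc})")
    return findings


if __name__ == "__main__":
    # Constructed sample mirroring the paths used in step 4.
    db_dir = "/var/opt/cloudbolt/proserv/db"
    sample = {"default": {"OPTIONS": {"ssl": {
        "ca": f"{db_dir}/ca.pem",
        "cert": f"{db_dir}/server-cert.pem",
        "key": f"{db_dir}/server-key.pem",
    }}}}
    for finding in audit_db_tls(sample) or ["ok: all checks passed"]:
        print(finding)
```

This checks only the files on the CloudBolt server; it does not connect to the database.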
