Django App not connecting to RDS since SSL/TLS Cert Updates - django

I have a Django app running on ELB connecting to a MySQL RDS db.
I checked recently and it's no longer working (the application is up fine, but I get the following error when I try and deploy or run any manage.py db related commands). I can connect to the RDS DB manually without a problem.
django.db.utils.OperationalError: (2003, "Can't connect to MySQL server on '****.eu-west-1.rds.amazonaws.com' (110)").
I believe this is to do with the recent updates to SSL/TLS certificates - however I've gone into my RDS dashboard and updated to the new 2019 version there and I'm still getting this error.
Does anyone know what might be causing this? It worked fine before the cert change so I can only assume it's related.
I've tried adding the ssl-ca rds-ca-2019-root.pem to the DB options in django but still get the same error regardless.
Any help would be super appreciated as I'm pretty stumped currently.
Thanks!

If you are using TLS for your DB connections, I've had the most success using the "combined" ca bundle that AWS provides.
The file can be found here https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem which is referenced in the Using SSL/TLS to Encrypt a Connection to a DB Instance guide. It would be good to also review this guide to sanity check any of your other assumptions.

Related

coldfusion 2016 cfhttp call to authorize.net returning connection failure

I'm trying to use a cfhttp post to secure.authorize.net/gateway/transact.dll, but am getting a connection failure. I'm using coldfusion 2016 on windows server 2008. I believe I have the correct cert file registered in the java keystore but am not 100% sure. Based on some google searches, I think that is the problem.
I downloaded and registered GeoTrust Primary Certification Authority - G2 from https://www.geotrust.com/resources/root-certificates/
Any tips on how to make sure the proper sha-2 certificate is registered in the keystore? I tried using IE to save the certificate from secure.authorize.net/gateway/transact.dll, by following the instructions here https://www.youtube.com/watch?v=ewT4aud-xww but that also didn't seem to work.
I should add that this wasn't working even before the TLS disablement date of yesterday. That was just a coincidence. I previously had CF 9 installed, and it was working on there. From what I've always understood, the communication failure error usually indicates a lack of, or an incorrectly imported, certificate in the keystore. I tried copying the CACerts file from the CF9 install, as well as starting fresh and manually importing the certs.
It's likely to be related to the disablement of TLS 1.0 and 1.1 which happened today.
We're having the same issue on a couple of servers, but not others, so trying to work out why that is.
All servers are TLS 1.2 enabled, but connections on some appear to be failing.

Tomcat web socket + AWS Bitnami

I've tested a web socket project which uses tomcat7 on localhost and it works perfectly. I've deployed it into digital ocean server as well and it works perfectly. However when I tried to deploy it to AWS bitnami EC2 instance, it returned a "failed: Error during WebSocket handshake: Unexpected response code: 500".
I would really appreciate it if a solution could be given or a step-by-step process to fix this. Currently there is no solution to be found on the web and I believe many people are facing this issue as well.

the jdbc driver did not return a connection. This is very often caused by an incorrect jdbc url

I want to connect to AWS redshift and use Sql workbench.
I enter my URL
jdbc:redshift://testskyeng.cz2jvchnn3c7.us-east-2.redshift.amazonaws.com:5439/dev
enter my login and pass
and try to connect, but the error:
the jdbc driver did not return a connection. This is very often caused by an incorrect jdbc url
here the screen.
Please help
http://imgur.com/a/X1r6O
I found this post because I had a similar issue and wanted to share my solution.
In my case the error was the JDBC driver, I was using the wrong version, after I downloaded the correct file from Amazon (link below), I changed the driver path on "Manage drivers" and it worked fine.
http://docs.aws.amazon.com/redshift/latest/mgmt/configure-jdbc-connection.html#download-jdbc-driver
For my error when I added jdbc:postgresql:// to the beginning of the endpoint that AWS provides it worked.

SSL doesn't work on Windows Server

I had never installed SSL onto a Windows Server before, now I ran into a problem.
I had a website hosted by Smarter ASP, and I got a SSL certificate from them. Then I moved the website into Azure as a App Service, without creating a virtual server myself. I imported the pfx file into Azure, and it worked.
Now I want to move the website into AWS.
I created a Windows Server EC2 instance in AWS. I did all the A Record and CNames changes. Now when I request "www.teacherspet.net.au", the home page is returned without any problem.
I then did the following to import the SSL certificate into the AWS EC2 server:
On "Server Certificates", I imported the pfx file using "WebHosting" as the certificate store;
I added a HTTPS binding on the site, with ip address being "*" and host name being empty;
I checked the "Require SSL" checkbox on "SSL Settings".
I have also added the same pfx file into intermediate certificate:
However, when I requested "https://www.teacherspet.net.au", I got
This site can’t be reached
www.teacherspet.net.au took too long to respond.
Why? I can't figure out what went wrong. Please help!
I am terribly sorry for the silly mistake - when I created the Network ACL inbound rule, instead of selecting "HTTPS (443)", I accidentally selected "HTTPS* (8443)". Once I corrected it, everything works. Thank you disflux for your help!

Unable to connect to AWS MySQL RDS instance via Flask SQLAlchemy URI from Python Elastic Beanstalk

I am running into an issue where I am unable to connect to my RDS MySQL instance from my Flask app. I am using SQLAlchemy and everything is working locally but when I push my code to AWS I get the following error:
sqlalchemy.exc.OperationalError
OperationalError: (OperationalError) (1045, "Access denied for user 'db_user'@'xx.xx.xx.xxx' (using password: YES)") None None
Now I know for a fact that the error is not a security group issue as I am able to connect locally and on the instance using the MySQL client.
Well it turns out I wasn't doing anything wrong and this wasn't an error with AWS or Flask, it was strictly a SQLAlchemy bug! It turns out the URI format for MySQL connections is:
dialect+driver://username:password@host:port/database
My bug came from the fact that my password had a plus (+) character in it, thus fooling the URI format into thinking everything before it was the dialect. Using a '+' character is completely legal for MySQL passwords, which is why connecting via the MySQL client was working. I hope anyone else with this error is able to find this and not spend as much time as I did trying to find a solution!
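
An added example, not code from the original post: percent-encoding the credentials before they go into the URI, so a '+', '@', ':' or '/' in the password is carried as data and not read as a delimiter. The driver name pymysql, the host db.example.internal and the sample passwords are assumptions; the post does not say how its SQLAlchemy version decodes '+', so the block shows both decoders from urllib.parse.

```python
from urllib.parse import quote_plus, unquote, unquote_plus, urlsplit


def build_db_uri(dialect, driver, user, password, host, port, database):
    """Return dialect+driver://user:password@host:port/database with the
    user name and password percent-encoded ('+' -> %2B, '@' -> %40, ...)."""
    return "{}+{}://{}:{}@{}:{}/{}".format(
        dialect, driver, quote_plus(user), quote_plus(password),
        host, port, database,
    )


def split_credentials(uri, decoder=unquote):
    """Split a database URI and decode the credentials with `decoder`.

    Pass unquote_plus to model a parser that treats '+' as an encoded
    space; pass unquote to model one that leaves '+' alone.
    Returns (user, password, host, port).
    """
    parts = urlsplit(uri)
    return (decoder(parts.username), decoder(parts.password),
            parts.hostname, parts.port)


# Constructed sample values (assumptions, not taken from the post).
HOST = "db.example.internal"
RAW_URI = "mysql+pymysql://db_user:pa+ss@" + HOST + ":3306/appdb"
SAFE_URI = build_db_uri("mysql", "pymysql", "db_user", "pa+ss",
                        HOST, 3306, "appdb")

if __name__ == "__main__":
    # Unencoded '+': the recovered password depends on the decoder,
    # so the server can be sent a different password than intended.
    print("raw, unquote_plus :", split_credentials(RAW_URI, unquote_plus))
    print("raw, unquote      :", split_credentials(RAW_URI, unquote))
    # Encoded as %2B: both decoders recover the original password.
    print("safe, unquote_plus:", split_credentials(SAFE_URI, unquote_plus))
    print("safe, unquote     :", split_credentials(SAFE_URI, unquote))
```

When the URI is assembled from environment variables or a secrets store, encode at that point and keep the assembled string out of logs, since it still contains the password.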