Taiwan Summit December 8th and 9th, 2018

EARCOS Workshop Presentation

Co-presented with Douglas Bradburn at EARCOS on October 25th, 2018

How to configure a Coldfusion MySql SSL connection to Google Cloud SQL

Here's instructions on how to get your MySQL Coldfusion server  (v10) to connect via SSL to Google Cloud SQL.

The tricky part of getting the SSL connection to work between Coldfusion and Cloud SQL is getting Coldfusion to use the Google CA Cert, your client cert and your client key.  I tried to put all this information into the datasource "Connection String" but was not able to get it to work that way, so I ended up splitting the information between configuring my client cert and key in the Coldfusion JVM arguments and then adding the other configuration items to the connection string in the datasource.


First Verify you can connect your datasources without SSL

If you can't connect without SSL, then you aren't going to be able to connect with SSL.  Verify first that you are able to connect your Coldfusion datasource to Cloud SQL using a non-encrypted connection.  If this works it means that you have your Coldfuison IP address added to the allowed connections for your Google Cloud SQL and it means that your mysql login id and password is working correctly.  (Make sure that your Cloud SQL is configured to allow unencrypted connections).


Now we work on the SSL Connection 

In order to get SSL connections to Google Cloud SQL you will need to have 3 files from your Google SQL Console.

server-ca.pem ->
This is your Cloud SQL Server CA and is how your client knows it is talking to your real SQL Server

client-cert.pem ->  This is your client certificate and is how the server knows it is really talking to you.

client-key.pem ->  This is your client private key.  Keep it safe.






Working with your truststore/keystore files

For working with keystores I used the opensource GUI program called Keystore Explorer  

Add your Server CA  to your Coldfusion truststore
We need to add your Cloud SQL Server CA to the Coldfusion truststore. THe truststore tells our coldfusion server which certificates that it trusts.  The default truststore coldfusion uses is located at [Coldfusion root]\jre\lib\cacerts

1. Open Keystore explorer program
2. Open the truststore located at [Coldfusion root]\jre\lib\cacerts
3. The default password is changeit (the truststore must have a password)
4. Select Tools->Import Trusted Certificate and import your server-ca.pem file
5. Save your cacerts file.

OR an alternative way to manage your Coldfusion Truststore
Another way to manage the cacert file used by Coldfusion is to install the coldfusion extension Certman and then you can view and manage your trusted certificates directly via the Coldfusion Administrator pages.




Make the keystore file for your client certificate and key
We need to make a keystore file for holding your client certificate and key.  It is very important that you use a password on both the keypair and also a password on the keystore file and the password needs to be the same for both!

1. Open Keystore explore
2. Make a new keystore file of type JKS
3. Select Tools->Import Key pair and select OpenSSL
4. When prompted for the keypair password, make sure you use a password, for example "changeit".
5. Save your new keystore file from the   File->Save menu.  MAKE SURE YOU save it with a keystore password, and it should be the same as the keypair password,  for example "changeit".
6. For this example,  I am saving the file with the  name cloudsql6.keystore in the c:\keys folder and using the password "changeit" for both the imported keypair and the the keystore file. 

Configure Coldfusion to use your keystore file
Add this line below to your Coldfusion JVM configuration and restart coldfusion.  This is telling coldfusion to use youre keystore file c:\keys\cloudsql6.keystore .  The file must have a password or it will not work.

-Djavax.net.ssl.keyStore=c:\keys\cloudsql6.keystore -Djavax.net.ssl.keyStorePassword=changeit

Connect a datasource using SSL

Add this to line below  to your datasource connectionstring to tell it to connect using SSL.  You must use the verifyServerCertificate or else it will not work.

useSSL=true&requireSSL=true&verifyServerCertificate=true

If you did everything correctly,  you will now have an SSL connection to your Google Cloud MySQL from your Coldfusion server.  Congratulations!!



Turn off allowed non-SSL connections to your Google Cloud SQL
Now you can turn off unsecured connections to your Cloud SQL to be even safer.  Tis is done from the Google Cloud Console.

Certified Information Systems Security Professional

Just received my CISSP certificate!  The test was 250 questions with 6 hours to complete.  Plus you need 5 years of full-time experience in 2 of the 8 domains.

Google Views, Photo Sphere's and make your own street view

Google Taiwan Summit Presentation May 17, 2015

More Info

Google Apps and Chromebooks at Morrison Academy

May 14th Conference at Google Taiwan

Moving Google Keep Notes to a new Gmail Account

I searched Google and couldn't find a good solution for transferring Google Keep notes between gmail accounts.  (For example between your work and personal gmail), and the option is not available on Google Takeout.  So here are the 2 ways I've been doing it.


Transferring Notes with pictures

1. In your source Google Keep account share the note with your destination Google account
2. Go to your destination Google Keep account and you will see the note,  click the 3 dots for more option and select "Make a Copy".(The reason you want to copy it is because if the original note from your source account is ever deleted it will be deleted at the destination account too)
3. Now either delete the shared note from your destination account  (So you don't see it twice).  Or if you are cleaning up your source account,  go back and delete the note from your source account (and it will also delete from the destination account).

Quick Copy/Paste 

A lot of my notes are just text and they don't even have titles so it is actually faster to just:

1. Open my source and destination Google keeps up in 2 Chrome Browsers and display both on the screen.
2. Just quickly copy/paste the text from the source note to the destination note.
3. Not the slickest solution, but it works.

The reason this came up is because I was trying to remove some of the Google Keep notes from my work Google Keep account and wanted to save them on my personal Gmail Account.