cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Foreign catalog - Connections using insecure transport are prohibited --require_secure_transport=ON

TimB
New Contributor III

‎09-19-2023 12:52 PM

I have added a connection to a MySql database in Azure, and I have created a foreign catalog in Databricks. But when I go to query the database I get the following error;

Connections using insecure transport are prohibited while --require_secure_transport=ON

I appreciate that I can turn off this setting on my database, but I would rather do it properly and configure it from the Databricks side. Is it possible to configure Databricks so it uses secure transport on external connections?

 

 

0 Kudos
8 REPLIES 8

Kaniz_Fatma
Community Manager
Community Manager

‎09-19-2023 01:38 PM

Hi @TimB , Yes, it is possible to configure Databricks to use secure transport on external connections. You will need to include the SSL properties in your connection options.

The SSL properties usually include:

sslmode: The SSL mode to use when connecting to the target. To enforce SSL, set this to 'require'.
sslcert: The path to the SSL client certificate file.
sslkey: The path to the SSL private key file.
sslrootcert: The path to the SSL root certificate file.

0 Kudos

TimB
New Contributor III

‎09-20-2023 01:10 AM

Thanks Kaniz, but if you view the screenshot below, you will see the options I get, and I'm not sure where I should be adding those extra details. Can you advise?

Preview file
80 KB
0 Kudos

Kaniz_Fatma
Community Manager
Community Manager

‎09-20-2023 01:35 AM

Hi @TimB , 

Yes, it is possible to configure Databricks to use secure transport on external connections. You can set the trustServerCertificate option to true in the Spark configuration. This option allows the driver to trust the server certificate for SSL connections, instead of validating it against the certificate authority.

Here's an example of how to configure a JDBC connection to use SSL in Databricks using the Spark configuration:

jdbcUsername = "myusername"
jdbcPassword = "mypassword"
jdbcHostname = "myhostname"
jdbcPort = "myport" 
jdbcDatabase = "mydatabase" 

jdbcUrl = "jdbc:mysql://{0}:{1}/{2}?useSSL=true&requireSSL=true&verifyServerCertificate=false&trustServerCertificate=true".format(jdbcHostname, jdbcPort, jdbcDatabase)

connectionProperties = {
  "user": jdbcUsername,
  "password": jdbcPassword,
  "driver": "com.mysql.jdbc.Driver",
}

df = spark.read.jdbc(url=jdbcUrl, table="mytable", properties=connectionProperties)
0 Kudos

TimB
New Contributor III

‎09-20-2023 01:39 AM

Hi Kaniz,

That is the way I work when I normally query data from the azure SQLdatabase in DBX. But I am trying to use the new Lakehouse Federation from within DBX itself which should abstract away those connections properties. 

https://learn.microsoft.com/en-us/azure/databricks/query-federation/mysql

 

 

0 Kudos

J-Bradlee
New Contributor II

a week ago

Hi,

Is there an update on this? I have the same issue where I try using Lakehouse federation but I cannot input the additional connection information or manually edit the url created when defining a "connection" on the databrick UI required for Lakehouse federation.

0 Kudos

TimB
New Contributor III

a week ago

I was trying to connect to our database (Azure MySQL) from DBX, but we wanted require_secure_transport to be set to ON, and we didn't want to turn it off. We ended up moving DBX within a VNET and setting up a private link to get around this.

0 Kudos

J-Bradlee
New Contributor II
In response to TimB

Monday

Thanks Tim. That seems like the way to go. You prompted me to find this section of the docs: Networking recommendations for Lakehouse Federation - Azure Databricks | Microsoft Learn which mentions exactly what you just said.

On a side note: If you have set up databricks serverless compute to access your Azure mySQL? Did you do the same thing with the serverless compute?

0 Kudos

TimB
New Contributor III

Tuesday

I was unable to use serverless compute with Azure MySQL. I did have a meeting with tech support at databricks and the conclusion at the time was - if your Azure MySql is not publically accessible, you cannot connect to it from serverless compute.

I'm mainly using serverless compute to access Dashboards, so I'm using jobs in the background to populate delta tables so the serverless compute can access those instead as a work around.

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements