Microsoft has a hard deadline of 9/30/2024 for EOL(End of Life) of MySQL DB Single Servers.

After using MS’s auto migration and moving the data, VIP AuthHub can not connect to the new MySQL flexible Server.

The kibana log show TLS certificate related validation throwable error while connecting to MySQL flexible Servers over its port.

VIP AuthHub: ALL version.

New MySQL flexible Servers likely will have a new signing cert and ssl connection is enabled.

When VIP auth hub without the matching rootCA cert from the new MySQL flexible DB Servers, the DB connection will be rejected if current MySQL DB connection mode on Authhub side is (sslMode=VERIFY_CA).

VERIFY_CA: requires validation of the MySQL server's SSL certificate to be signed by a trusted CA

Customer will needs to delete the single secret for this particular DB connection and re-create the secret from modified pem file with added new rootCA cert.

e.g.

kubectl delete secret msql-ssp-cert-example -n ssp
kubectl create secret generic msql-ssp-cert-example -n ssp --from-file '.../pem'

Then rolling restart pod service.

kubectl rollout restart -n ssp deployment

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/vip-authentication-hub/2-2/Installing/Database-Consideration.html