PHP to MySQL SSL Connections

by

Here PHP (and mysqli_real_connect) is the client not the server. You’re configuring it with mysqli_ssl_set for client-certificate authentication (and using the server key and certificate).

I’m not sure how you’ve configured your MySQL server, but there should be something like this in the (MySQL) server section of the configuration:

ssl-key=/mysql-ssl-certs/server-key.pem
ssl-cert=/mysql-ssl-certs/server-cert.pem
ssl-ca=/mysql-ssl-certs/ca-cert.pem

These don’t belong to the client side anyway (only the CA certificate does, but definitely not the server’s private key).

Once you’ve done this, you can try to see if the server is configured properly using the command line client:

mysql --ssl-verify-server-cert --ssl-ca=/mysql-ssl-certs/ca-cert.pem --ssl -h hostname ...

or perhaps this (although verify server cert should really be enabled for SSL/TLS to be useful)

mysql --ssl-ca=/mysql-ssl-certs/ca-cert.pem --ssl -h hostname ...

This should work at least on the command line.

Then, from PHP, you get two options:

  • use mysqli_ssl_set like you’ve done, but leaving $key and $cert null, unless you want to use a client-certificate which really ought to be different from your server certificate. (I can’t remember whether that works.)

  • possibly easier, omit mysqli_ssl_set altogether and configure this in your global MySQL client configuration file (where PHP should be able to pick it up, possibly /etc/mysql/my.cnf, but this may vary depending on your distribution):

    [client]
ssl-ca=/mysql-ssl-certs/ca-cert.pem

(This is similar to the server config, but on the client side/in the client section.)

For the authorization part (GRANT):

  • REQUIRE SSL only requires the use of SSL/TLS
  • REQUIRE ISSUER, REQUIRE SUBJECT and REQUIRE X509 require the client to present a client-certificate to compare to the required values (that’s the case where you’d need to use ssl-key and ssl-cert on the client side (config or within mysqli_ssl_set).

More Related Contents:

  1. Save the data into a database and return another value from database using PHP
  2. Can I mix MySQL APIs in PHP?
  3. How to check if a row exists in MySQL? (i.e. check if username or email exists in MySQL)
  4. How to change mysql to mysqli?
  5. How to prevent duplicate usernames when people register?
  6. Best way to INSERT many values in mysqli?
  7. How to use mysqli prepared statements?
  8. MySQLi prepared statements error reporting [duplicate]
  9. Why is mysqli giving a “Commands out of sync” error?
  10. mysqli last insert id
  11. mysqli: can it prepare multiple queries in one statement?
  12. CodeIgniter: Unable to connect to your database server using the provided settings Error Message
  13. MySQLi count(*) always returns 1
  14. Warning: mysqli_connect(): (HY000/2002): No such file or directory
  15. Do I have to guard against SQL injection if I used a dropdown?
  16. Using Mysqli bind_param with date and time columns?
  17. Using MySQLi from another class in PHP
  18. How do I display a MySQL error in PHP for a long query that depends on the user input? [duplicate]
  19. PHP PDO and MySQLi [duplicate]
  20. PHP + MySql + Stored Procedures, how do I get access an “out” value?
  21. Unknown database error in PHP but it exists in PHPMyAdmin
  22. Connect to remote MySQL server with SSL from PHP
  23. php password_verify() hash and pass won’t match
  24. Get number of rows matched by UPDATE query with PHP mysqli
  25. How to use mysqli_query() in PHP?
  26. How to run multiple insert query in SQL using PHP in one go?
  27. Strange problem with the length of the field gotten from database [duplicate]
  28. PHP: mysql v mysqli v pdo [closed]
  29. How do I ensure I caught all errors from MySQLi::multi_query?
  30. Why cannot the PHP hide the error message thrown by the MySQL connection?

Leave a Comment