User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive
 

RDS services are becoming very common now. Big players like AZURE, Amazon (AWS) or Google are ofering them. They are very handy, you get rid of scalability problems and you only focus on your database management.

One of the features you will find, as I did, in these new services is the enforced security. Which it is good, as the information traves through the Internet. Bad thing is not every system is aware of using TLS/SSL connections. I will talk how i did it in my cases.

MySQL Command Line

Usually you could do it using the mysql -h ADDRESS -u USER -pPASSWORD --ssl line however there is another way. The file /etc/my.cnf.d/mysql-clients.cnf has sections for the command line you want to use. Just add ssl=on, in the [mysql] section in this case.

PHP-PDO

PHP with PDO is easy once you find how to do it. Usually your PHP code looks like this:

$db = new PDO("mysql:host=$host;dbname=$db_name;", $username, $password, array(
PDO::ATTR_ERRMODE,
PDO::ERRMODE_EXCEPTION
));

Add a line pointing to the certification chain file. In CentOS is /etc/pki/tls/cert.pem to get the default trust chain.

$db = new PDO("mysql:host=$host;dbname=$db_name;", $username, $password, array(
PDO::ATTR_ERRMODE,
PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_SSL_CERT=>'/etc/pki/tls/cert.pem',
));

Good luck!

blog comments powered by Disqus

About

Read about IT, Migration, Business, Money, Marketing and other subjects.

Some subjects: FusionPBX, FreeSWITCH, Linux, Security, Canada, Cryptocurrency, Trading.