RDS services are becoming very common now. Big players like Azure, Amazon (AWS) and Google are offering them. They are very handy: you get rid of scalability problems and focus only on your database management.

One of the features you will find, as I did, in these new services is enforced security, which is good, as the information travels through the Internet. The bad thing is that not every system uses TLS/SSL connections by default. I will talk about how I did it in my cases.

MySQL Command Line

Usually, you could do it using the mysql -h ADDRESS -u USER -pPASSWORD --ssl line; however, there is another way. The file /etc/my.cnf.d/mysql-clients.cnf has a section for each command-line client. Just add ssl=on to the [mysql] section in this case.

PHP-PDO

PHP with PDO is easy once you find out how to do it. Usually, your PHP code looks like this:

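// No TLS options yet: this is the usual starting point.
$db = new PDO("mysql:host=$host;dbname=$db_name;", $username, $password, array(
    // Driver options are key => value pairs: throw exceptions on errors.
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
));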

Add a line pointing to the certificate chain file. On CentOS, the default trust chain is /etc/pki/tls/cert.pem.

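$db = new PDO("mysql:host=$host;dbname=$db_name;", $username, $password, array(
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    // The trust chain (CA bundle) goes in MYSQL_ATTR_SSL_CA;
    // MYSQL_ATTR_SSL_CERT is for a client certificate, not the CA file.
    PDO::MYSQL_ATTR_SSL_CA => '/etc/pki/tls/cert.pem',
));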
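
Setting the option does not by itself prove the session is encrypted, so it is worth checking after connecting. The following is an added example, not code from the original post: it passes the CentOS trust chain through PDO::MYSQL_ATTR_SSL_CA, asks for server certificate verification, and then reads the session status to confirm a cipher was negotiated. The function names and the DB_HOST, DB_NAME, DB_USER and DB_PASS environment variables are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added example. Function names and DB_* environment variables are assumptions.
function connectWithTls(string $host, string $dbName, string $user, string $pass, string $caFile): PDO
{
    // Fail early if the CA bundle is missing instead of connecting without it.
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA bundle not readable: $caFile");
    }
    return new PDO("mysql:host=$host;dbname=$dbName;", $user, $pass, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // CA bundle used to validate the server certificate chain.
        PDO::MYSQL_ATTR_SSL_CA => $caFile,
        // Reject a server whose certificate does not validate.
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
    ]);
}

// Returns the negotiated TLS parameters, or throws if the session is plaintext.
function negotiatedTls(PDO $db): array
{
    $status = [];
    $rows = $db->query(
        "SHOW SESSION STATUS WHERE Variable_name IN ('Ssl_cipher', 'Ssl_version')"
    );
    foreach ($rows as $row) {
        $status[$row['Variable_name']] = $row['Value'];
    }
    // An empty Ssl_cipher means the session is not encrypted.
    if (($status['Ssl_cipher'] ?? '') === '') {
        throw new RuntimeException('Connection is not encrypted (empty Ssl_cipher)');
    }
    return $status;
}

$db = connectWithTls(
    getenv('DB_HOST') ?: 'localhost',
    getenv('DB_NAME') ?: '',
    getenv('DB_USER') ?: '',
    getenv('DB_PASS') ?: '',
    '/etc/pki/tls/cert.pem'
);
$tls = negotiatedTls($db);
printf("TLS OK: %s / %s\n", $tls['Ssl_version'] ?? 'unknown', $tls['Ssl_cipher']);
```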

Good luck!
