I'm currently trying to connect to a DO managed server, which is protected with a SSL / secure connection by default.
I'm using Laravel, and have downloaded the cert, reuploaded it to my box, and placed it in a non www accessible location. In addition, the secure port on the box is no 3306, but 25060.
I have modified my database connection to the below, and combinations of the below, but can't seem to connect.
This primarily comes from a lack of understanding in relation to these:
MYSQL_ATTR_SSL_VERIFY_SERVER_CERT
MYSQL_ATTR_SSL_CA
MYSQL_ATTR_SSL_CERT
MYSQL_ATTR_SSL_KEY
Digital Ocean only provide one file to use to connect to the database, which is named `ca_certificate.crt' I can only assume that the most appropriate static variable is therefore:
MYSQL_ATTR_SSL_CA
I did not generate the file, therefore I do not have the key used to create it... Connecting using a Mysql client simply lets me select this certificate and use the provided details within DO, and everything works fine.. it's the building the new connection string within Laravel that currently is generating a timeout error.
Any assistance in determining what these other values should use in terms of files on my server, if I can just use the provided certificate (without anything else / without other Statics in the config? )
My questions are therefore:
1) what should I use as a signing key (if anything)
2) can I use the certificate provided by DigitalOcean just to connect in the same way as my client locally
3) if so, what Static variable is most appropriate
4) if not, what combination of other files will I need alongside the single certificate provided alongside the managed server connection details from DO.
It's also worth noting that I have an SSL installed on this machine already but.. not sure if those keys / certs etc. are needed for the database connection?
Any help on clarifying any of the above appreciated.
Found resources thus far:
I have exactly same question as Alex... where do I find the key or do I generate it myself??? https://www.digitalocean.com/community/questions/ssl-client-key-certificate-for-managed-mysql-database
No idea if this is still the case:
https://laracasts.com/discuss/channels/laravel/connecting-to-a-digital-ocean-mysql-managed-database
'mysql' => [
'driver' => 'mysql',
'url' => env('DATABASE_URL'),
'host' => env('DB_HOST', '127.0.0.1'),
'port' => env('DB_PORT', '3306'),
'database' => env('DB_DATABASE', 'forge'),
'username' => env('DB_USERNAME', 'forge'),
'password' => env('DB_PASSWORD', ''),
'unix_socket' => env('DB_SOCKET', ''),
'charset' => 'utf8mb4',
'collation' => 'utf8mb4_unicode_ci',
'prefix' => '',
'prefix_indexes' => true,
'strict' => true,
'engine' => null,
'ssl_mode' => 'require',
'options' => array(
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
PDO::MYSQL_ATTR_SSL_CA => '/.../certs/ca-certificate.crt',
PDO::MYSQL_ATTR_SSL_CERT => '/.../certs/ca-certificate.crt',
PDO::MYSQL_ATTR_SSL_KEY => '/...../certs/?????'
),
],
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire