Please note: This refers to enabling SSL for the MySQL database, not the web host. (HTTPS is already supported as long as your web server provides it.)
Enabling SSL for a MySQL database
Find this section in inc/database.php:
    $options = array(
        PDO::ATTR_TIMEOUT => 5,
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
    );
Change it to:
    $options = array(
        PDO::ATTR_TIMEOUT => 5,
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
        // Encrypts the connection, but the server certificate is not verified.
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
        // Client key and certificate, and the CA that signed the server certificate.
        PDO::MYSQL_ATTR_SSL_KEY => '/etc/mysql/client-key.pem',
        PDO::MYSQL_ATTR_SSL_CERT => '/etc/mysql/client-cert.pem',
        PDO::MYSQL_ATTR_SSL_CA => '/etc/mysql/cacert.pem',
    );
Pitfalls
- Ensure that all of the paths are correct (client key, client certificate, and CA), as they might differ on your system.
- Use the paths for the client key/certificate rather than the server key/certificate, as these are two separate things. (The client pairs are for connecting to the database, and the server pairs are for hosting the database.)
- Note: "When running a PHP version before 7.1.16, or PHP 7.2 before 7.2.4, set MySQL 8 Server's default password plugin to mysql_native_password or else you will see errors similar to The server requested authentication method unknown to the client [caching_sha2_password] even when caching_sha2_password is not used."
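A pre-flight check for the settings and pitfalls above, added here as an example and not part of the project's code: it confirms the three files are readable, that the client key matches the client certificate, and that the session really negotiated a cipher. The DSN, user name, password and the function names check_tls_files and session_cipher are assumptions; the file paths are the ones used above.

```php
<?php
// Added example: pre-flight check for the TLS options shown above.
$tls = array(
    PDO::MYSQL_ATTR_SSL_KEY  => '/etc/mysql/client-key.pem',
    PDO::MYSQL_ATTR_SSL_CERT => '/etc/mysql/client-cert.pem',
    PDO::MYSQL_ATTR_SSL_CA   => '/etc/mysql/cacert.pem',
);

// Pitfall 1: every path must exist and be readable by the PHP user.
function check_tls_files(array $tls): array
{
    $problems = array();
    foreach ($tls as $path) {
        if (!is_readable($path)) {
            $problems[] = "not readable: $path";
        }
    }
    if ($problems) {
        return $problems;
    }
    $cert = file_get_contents($tls[PDO::MYSQL_ATTR_SSL_CERT]);
    $key  = file_get_contents($tls[PDO::MYSQL_ATTR_SSL_KEY]);
    // Pitfall 2: a server key paired with a client certificate fails here.
    if (!openssl_x509_check_private_key($cert, $key)) {
        $problems[] = 'client key does not match client certificate';
    }
    return $problems;
}

// Ask the server which cipher this session negotiated; empty means plaintext.
function session_cipher(PDO $db): string
{
    $row = $db->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch(PDO::FETCH_NUM);
    return $row ? (string) $row[1] : '';
}

$problems = check_tls_files($tls);
if ($problems) {
    fwrite(STDERR, implode(PHP_EOL, $problems) . PHP_EOL);
    exit(1);
}
// "+" keeps the integer PDO constant keys intact (array_merge would renumber them).
$options = $tls + array(
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false, // same value as above
);
// Placeholder DSN and credentials (assumptions): replace with your own.
$db = new PDO('mysql:host=127.0.0.1;dbname=example', 'example_user', 'example_password', $options);
$cipher = session_cipher($db);
echo $cipher === '' ? "connection is NOT encrypted\n" : "encrypted with $cipher\n";
exit($cipher === '' ? 1 : 0);
```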