From 043c7b1d11fb4bbcea7ed870534e1b1fbe5ded47 Mon Sep 17 00:00:00 2001
From: Ruan <2369127-ruany@users.noreply.gitlab.com>
Date: Fri, 24 Jun 2022 15:22:55 +0000
Subject: [PATCH] Create Database SSL

---
 Database-SSL.md | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 Database-SSL.md

diff --git a/Database-SSL.md b/Database-SSL.md
new file mode 100644
index 0000000..0f28052
--- /dev/null
+++ b/Database-SSL.md
@@ -0,0 +1,36 @@
+Please note: This refers to enabling SSL for the **MySQL database**, not the web interface itself. (HTTPS is already supported as long as your web server provides it)
+
+## Enabling Database SSL
+
+To enable SSL, find this section in `inc/database.php`:
+
+```
+ $options = array(
+ PDO::ATTR_TIMEOUT => 5,
+ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+ PDO::ATTR_EMULATE_PREPARES => false,
+ PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
+ );
+```
+
+Change it to:
+
+```
+ $options = array(
+ PDO::ATTR_TIMEOUT => 5,
+ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+ PDO::ATTR_EMULATE_PREPARES => false,
+ PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
+ PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
+ PDO::MYSQL_ATTR_SSL_KEY => '/etc/mysql/client-key.pem',
+ PDO::MYSQL_ATTR_SSL_CERT => '/etc/mysql/client-cert.pem',
+ PDO::MYSQL_ATTR_SSL_CA => '/etc/mysql/cacert.pem',
+ );
+```
+
+## Pitfalls
+
+- Ensure that all of the paths are correct (client key, client certificate, and CA) as they might differ on your system.
+
+- Use the paths for the client key/certificate rather than the server key/certificate as these are two separate things. (The client pairs are for **connecting to** the database, and the server pairs are for **hosting** the database).
+- [Note:](https://dev.mysql.com/doc/connectors/en/apis-php-pdo-mysql.html) "When running a PHP version before 7.1.16, or PHP 7.2 before 7.2.4, set MySQL 8 Server's default password plugin to *mysql_native_password* or else you will see errors similar to *The server requested authentication method unknown to the client \[caching_sha2_password\]* even when caching_sha2_password is not used."
\ No newline at end of file