Create Database SSL

Database-SSL.md

@@ -0,0 +1,36 @@
+Please note: This refers to enabling SSL for the **MySQL database**, not the web interface itself. (HTTPS is already supported as long as your web server provides it)
+
+## Enabling Database SSL
+
+To enable SSL, find this section in `inc/database.php`:
+
+```
+            $options = array(
+                PDO::ATTR_TIMEOUT            => 5,
+                PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+                PDO::ATTR_EMULATE_PREPARES   => false,
+                PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
+            );
+```
+
+Change it to:
+
+```
+            $options = array(
+                PDO::ATTR_TIMEOUT            => 5,
+                PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+                PDO::ATTR_EMULATE_PREPARES   => false,
+                PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
+                PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
+                PDO::MYSQL_ATTR_SSL_KEY                => '/etc/mysql/client-key.pem',
+                PDO::MYSQL_ATTR_SSL_CERT               => '/etc/mysql/client-cert.pem',
+                PDO::MYSQL_ATTR_SSL_CA                 => '/etc/mysql/cacert.pem',
+            );
+```
+
+## Pitfalls
+
+- Ensure that all of the paths are correct (client key, client certificate, and CA) as they might differ on your system.
+
+- Use the paths for the client key/certificate rather than the server key/certificate as these are two separate things. (The client pairs are for **connecting to** the database, and the server pairs are for **hosting** the database).
+- [Note:](https://dev.mysql.com/doc/connectors/en/apis-php-pdo-mysql.html) "When running a PHP version before 7.1.16, or PHP 7.2 before 7.2.4, set MySQL 8 Server's default password plugin to *mysql_native_password* or else you will see errors similar to *The server requested authentication method unknown to the client \[caching_sha2_password\]* even when caching_sha2_password is not used."