Update Database SSL

Database-SSL.md

@@ -1,36 +1,38 @@
-Please note: This refers to enabling SSL for the **MySQL database**, not the web host. (_HTTPS is already supported as long as your web server provides it_)
-
-### Enabling SSL for a MySQL database
-
-Find this section in `inc/database.php`:
-
-```
-            $options = array(
-                PDO::ATTR_TIMEOUT            => 5,
-                PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
-                PDO::ATTR_EMULATE_PREPARES   => false,
-                PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
-            );
-```
-
-Change it to:
-
-```
-            $options = array(
-                PDO::ATTR_TIMEOUT            => 5,
-                PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
-                PDO::ATTR_EMULATE_PREPARES   => false,
-                PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
-                PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
-                PDO::MYSQL_ATTR_SSL_KEY                => '/etc/mysql/client-key.pem',
-                PDO::MYSQL_ATTR_SSL_CERT               => '/etc/mysql/client-cert.pem',
-                PDO::MYSQL_ATTR_SSL_CA                 => '/etc/mysql/cacert.pem',
-            );
-```
-
-## Pitfalls
-
-- Ensure that all of the paths are correct (client key, client certificate, and CA) as they might differ on your system.
-
-- Use the paths for the client key/certificate rather than the server key/certificate as these are two separate things. (The client pairs are for **connecting to** the database, and the server pairs are for **hosting** the database).
+Please note: This refers to enabling SSL for the **MySQL database**, not the web host. (_HTTPS is already supported as long as your web server provides it_)
+
+### Enabling SSL for a MySQL database
+
+Find this section in `inc/database.php`:
+
+```
+            $options = array(
+                PDO::ATTR_TIMEOUT            => 5,
+                PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+                PDO::ATTR_EMULATE_PREPARES   => false,
+                PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
+            );
+```
+
+Change it to:
+
+```
+            $options = array(
+                PDO::ATTR_TIMEOUT            => 5,
+                PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+                PDO::ATTR_EMULATE_PREPARES   => false,
+                PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
+                PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
+                PDO::MYSQL_ATTR_SSL_KEY                => '/etc/mysql/client-key.pem',
+                PDO::MYSQL_ATTR_SSL_CERT               => '/etc/mysql/client-cert.pem',
+                PDO::MYSQL_ATTR_SSL_CA                 => '/etc/mysql/cacert.pem',
+            );
+```
+
+## Notices
+
+- If you are using a self-signed SSL certificate, `MYSQL_ATTR_SSL_VERIFY_SERVER_CERT` should be set to false. Otherwise, you can set it to true.
+
+- Ensure that all of the paths are correct (client key, client certificate, and CA) as they might differ on your system.
+
+- Use the paths for the client key/certificate rather than the server key/certificate as these are two separate things. (The client pairs are for **connecting to** the database, and the server pairs are for **hosting** the database).
 - [Note:](https://dev.mysql.com/doc/connectors/en/apis-php-pdo-mysql.html) "When running a PHP version before 7.1.16, or PHP 7.2 before 7.2.4, set MySQL 8 Server's default password plugin to *mysql_native_password* or else you will see errors similar to *The server requested authentication method unknown to the client \[caching_sha2_password\]* even when caching_sha2_password is not used."