0

I need to create an encrypted DB connection to the Azure Cloud MySQL servers. They have given us a CA certificate called "BaltimoreCyberTrustRoot.crt.pem" to use when connecting to the Azure MySQL servers.

My question is: when I connect to the MySQL server, I need to provide a path to both a key and a certificate file as well, like below. How do I generate my own, or do I need the above two files as well? Does leaving them blank mean that the connection is not secure or less secure?

'mysql' => [
    'driver' => 'mysql',
    'host' => env('DB_HOST', '127.0.0.1'),
    'port' => env('DB_PORT', '3306'),
    'database' => env('DB_DATABASE', 'forge'),
    'username' => env('DB_USERNAME', 'forge'),
    'password' => env('DB_PASSWORD', ''),
    'unix_socket' => env('DB_SOCKET', ''),
    'charset' => 'utf8mb4',
    'collation' => 'utf8mb4_unicode_ci',
    'prefix' => '',
    'strict' => true,
    'engine' => null,
    'options' => array(
        PDO::MYSQL_ATTR_SSL_KEY => env('CLIENT_KEY', ''),
        PDO::MYSQL_ATTR_SSL_CERT => env('CLIENT_CERT', ''),
        PDO::MYSQL_ATTR_SSL_CA => env('CA_CERT', ''),
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
    ),
],
mahen3d

2 Answers

0

The KEY and CERT are only used for mutual authentication, i.e. authentication by client certificate. This kind of authentication does not seem to be a requirement here though, so KEY and CERT will not be used at all.

What they have given you is instead the CA which issued the server certificate, i.e. the CA_CERT.

Steffen Ullrich
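The distinction drawn in the answer above, as an added example that is not part of the original question or answers: plain PDO options that set only the CA for server authentication, add the client key and certificate only when mutual TLS is actually used, and then confirm that the session is encrypted. The helper names, host, credentials and file path are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). Builds PDO TLS options for a
// server that only requires server authentication (no client certificate).

/**
 * Hypothetical helper: returns the PDO options for a TLS connection.
 * $caPath is required; $clientKey/$clientCert are only for mutual TLS.
 */
function buildMysqlTlsOptions(string $caPath, string $clientKey = '', string $clientCert = ''): array
{
    if ($caPath === '' || !is_readable($caPath)) {
        // Without a CA file the client cannot validate the server certificate.
        throw new InvalidArgumentException("CA certificate not readable: {$caPath}");
    }
    if (($clientKey === '') !== ($clientCert === '')) {
        throw new InvalidArgumentException('Client key and certificate must be set together.');
    }

    $options = [
        PDO::MYSQL_ATTR_SSL_CA => $caPath,
        // Check the server certificate against the CA instead of accepting any certificate.
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
    ];
    if ($clientKey !== '') {
        // Only reached when the server is configured for client-certificate authentication.
        $options[PDO::MYSQL_ATTR_SSL_KEY] = $clientKey;
        $options[PDO::MYSQL_ATTR_SSL_CERT] = $clientCert;
    }
    return $options;
}

/** Returns the negotiated TLS cipher, or '' if the session is not encrypted. */
function negotiatedCipher(PDO $pdo): string
{
    $row = $pdo->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch(PDO::FETCH_ASSOC);
    return $row['Value'] ?? '';
}

// Usage with constructed placeholder values (host, user, password and path are assumptions):
// $pdo = new PDO('mysql:host=db.example.invalid;port=3306;dbname=forge', 'forge', 'secret',
//     buildMysqlTlsOptions('/etc/ssl/certs/BaltimoreCyberTrustRoot.crt.pem'));
// if (negotiatedCipher($pdo) === '') { throw new RuntimeException('Connection is not encrypted'); }
```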
0

Assuming that you are dealing with a client cert.

You can convert the PEM into the separate parts/files. This could be a solution.

I was able to convert pem to crt using this:

openssl x509 -outform der -in C:\path\to\your-cert.pem -out C:\path\to\your-cert.crt

And for key:

openssl pkey -in foo.pem -out foo.key
NiKiZe