Created
May 8, 2019 09:01
-
-
Save fhdalikhan/4021446b2ef47fa5c38ac8255141e46a to your computer and use it in GitHub Desktop.
Enable SSL connection for database connection in Laravel / PHP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Also take a look at this nice article for more knowledge https://mariadb.com/kb/en/library/securing-connections-for-client-and-server/ | |
| // for connecting via cli with ssl and host use below command | |
| mysql -u root -p -h ClientCertOne --ssl | |
| // SERVER PART | |
| 1 - Create a certificate, see this gist for info https://gist.github.com/fhdalikhan/27461530147a0b6eb281f5db1826912b | |
| 2- Add these lines to my.ini config file, providing you have these certificates. | |
| [mariadb] | |
| ssl_cert = D:/work/mysql-certs/server-cert.pem | |
| ssl_key = D:/work/mysql-certs/server-key.pem | |
| ssl_ca = D:/work/mysql-certs/ca-cert.pem | |
| [client-mariadb] | |
| ssl_cert = D:/work/mysql-certs/server-cert.pem | |
| ssl_key = D:/work/mysql-certs/server-key.pem | |
| ssl_ca = D:/work/mysql-certs/ca-cert.pem | |
| ssl-verify-server-cert | |
| // CODE PART | |
| 1 - Add a hostname, for windows open this hosts file and add hostname below, | |
| the first part is the IP address to point to and the second part is the hostname, | |
| it will be used later as the DB_HOST for e.g. | |
| 127.0.0.1 ClientCertOne | |
| 2 - Use that new host in DB_HOST | |
| DB_HOST=ClientCertOne | |
| 3 - Add cacert.pem file to project root, download from https://curl.haxx.se/ca/cacert.pem, | |
| we will reference this in the databases.php file inside config folder | |
| 4 - Open databases.php file in config, find mysql config array under connections and add this to options key | |
| 'options' => extension_loaded('pdo_mysql') ? array_filter([ | |
| PDO::MYSQL_ATTR_SSL_CA => base_path('cacert.pem'), | |
| ]) : [], | |
| 5 - Now run below code in PHP to see the Ssl_cipher Variable_name and Value which will contain the cipher name. | |
| dump(DB::select("SHOW STATUS LIKE 'Ssl_cipher'")); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment