Create SSL connections to MySQL at IU RDC

Overview

MySQL supports encrypted connections between the client and the server in order to protect the confidentiality and integrity of exchanged data.

By default, all <account>_root users in the RDC MySQL environment require SSL (TLS) connections. The latest versions of the MySQL command line client, as well as MySQL Workbench, will attempt to use SSL by default, which makes the process transparent to most users.

RDC account owners are strongly urged to require SSL connections for all user connections. To enable or disable the SSL requirement for a given user, call the userSetSSL procedure. For example:

mysql> CALL api.userSetSSL('myuser','%',true);

Note:
Although requiring SSL will ensure that connections are encrypted, additional steps are necessary to verify the identity of the server and prevent a man-in-the-middle attack. Users will need to configure additional settings based on their client.

MySQL command line client

  1. Download the InCommon CA file. Note the file location as you will need to provide it in the next step.
  2. When connecting to the RDC, add the following parameters:
    --ssl-mode=VERIFY_CA --ssl-ca=<path-to-ca-file>

    Replace <path-to-ca-file> with the path of the InCommon CA file that you downloaded.
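
The following is an added example, not part of the original page: a shell check that a MySQL client option file carries the two settings from step 2, so connections made with it verify the server rather than only encrypt. It goes beyond the page by reading the settings from an option file; the function names and the sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: audit a MySQL client option file for server verification.

# Print the last value of an option in the [client] or [mysql] group.
# Option names may use dashes or underscores; both are normalised to dashes.
mycnf_get() {  # usage: mycnf_get <file> <option>
    awk -v want="$2" '
        /^[ \t]*\[/ { g = $0; sub(/^[ \t]*\[/, "", g); sub(/\].*$/, "", g); next }
        /^[ \t]*[#;]/ { next }
        g == "client" || g == "mysql" {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k); gsub(/_/, "-", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == want) val = v
        }
        END { print val }' "$1"
}

# Return 0 only if the file explicitly asks for certificate verification
# and names a CA file that exists and looks like PEM.
audit_mycnf() {  # usage: audit_mycnf <file>
    mode=$(mycnf_get "$1" ssl-mode | tr '[:lower:]' '[:upper:]')
    ca=$(mycnf_get "$1" ssl-ca)
    case "$mode" in
        VERIFY_CA|VERIFY_IDENTITY) ;;
        *) echo "WEAK: ssl-mode='${mode:-unset}' is not VERIFY_CA or VERIFY_IDENTITY"
           return 1 ;;
    esac
    [ -n "$ca" ] || { echo "WEAK: ssl-ca is not set"; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca" 2>/dev/null ||
        { echo "WEAK: ssl-ca '$ca' is missing or not a PEM file"; return 1; }
    echo "OK: ssl-mode=$mode ssl-ca=$ca"
}

# Constructed sample files (the CA file is a placeholder, not a real certificate).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder' \
    '-----END CERTIFICATE-----' > "$demo/ca.pem"
printf '[client]\nssl-mode=REQUIRED\n' > "$demo/weak.cnf"
printf '[client]\nssl_mode = verify_ca\nssl-ca = %s\n' "$demo/ca.pem" > "$demo/strong.cnf"
audit_mycnf "$demo/weak.cnf" || true   # encrypted, but server identity unchecked
audit_mycnf "$demo/strong.cnf"
```

The PEM test only confirms the file's format; it does not confirm that the file is the InCommon CA.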

MySQL Workbench

  1. Download the InCommon CA file. Note the file location as you will need to provide it in a later step.
  2. Edit your connection to the RDC.
  3. Click the SSL tab.
  4. In the "Use SSL" drop-down, select Require and Verify Identity.
  5. In the "SSL CA File" box, enter the path to the InCommon CA file that you downloaded.

    Alternatively, next to the text box, click the ellipsis (...) to search for the file.

  6. Click Close.

This is document atrb in the Knowledge Base.
Last modified on 2023-11-09 15:29:51.