0

This is a different question than a previous one by the same title.

I am unable to make my AWS EC2 instance connect to my RDS MySQL DB through SSL.

AWS EC2 Linux 2, Apache 2.4.39, PHP 7.3.10, MySQL 5.7.26

In order for my application that resides in EC2 to have a secure connection in transit, it must utilize SSL/TLS. My understanding that given my PHP/MySQL application, I need to perform the code below. In order not to affect my DB, I have set up a test DB. The new user is called new-user with its own password. I got the bundled PEM file rds-combined-ca-bundle.pem from https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem and placed it in a browser accessible directory on the EC2 server as directed by that AWS page.

Any ideas what I need to change with mysqli_real_connect() and any other statements in order to allow the database to be accessed?

In AWS-test-ssl-script.php ..

20 define ('MYSQLI', 'AWS-test-connect.php');

In 'AWS-test-connect.php' ..

12 $dbc=mysqli_init();

13 mysqli_ssl_set($dbc, NULL, NULL, NULL, "/dir/rds-combined-ca-bundle.pem", NULL);
14 mysqli_real_connect($dbc,"DB_server[without :port#]","new-user","password", "db-name", "port#");

16 $res = mysqli_query($dbc, 'SHOW STATUS like "Ssl_cipher"');
17 print_r(mysqli_fetch_row($res));
18 mysqli_close($dbc);

In AWS-test-ssl-script.php ..

35 require(MYSQLI);

44 $sel = "CREATE USER IF NOT EXISTS 'new-user'@'%' IDENTIFIED BY 'password' REQUIRE SSL";
45 $sel_qry = mysqli_query($dbc, $sel);
46 mysqli_close($sel_qry);

48 $grant = "GRANT SELECT, INSERT, UPDATE, DELETE
49 ON testdb
50 TO new-user@%";
51 $grant_qry = mysqli_query($dbc, $grant);
52 mysqli_close($grant_qry);

Output ..

Warning: mysqli_real_connect(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /dir/AWS-test-connect.php on line 14
Warning: mysqli_real_connect(): Cannot connect to MySQL by using SSL in /dir/AWS-test-connect.php on line 14
Warning: mysqli_real_connect(): [2002] (trying to connect via (null)) in /dir/AWS-test-connect.php on line 14
Warning: mysqli_real_connect(): (HY000/2002): in /dir/AWS-test-connect.php on line 14
Improve this question
5
  • Does this answer your question? How to connect to an Amazon MySQL RDS instance via PHP over SSL Commented Jan 14, 2020 at 19:27
  • @matesio Not really. Line 13 handles locating the pem file. Commented Jan 14, 2020 at 20:29
  • Are you sure mysqli_ssl_set is able to read the pem file and importing the certificates? The pem doesn't need to be accessed by the browser only by the php code. Commented Jan 15, 2020 at 4:09
  • To determine if the pem file was definitely accessible, I opened the permissions to prevent any of them negating access, and checked the locations and parameters .. ls -l /dir/rds-combined-ca-bundle.pem shows rwxrwxrwx root apache date /dir/rds-combined-ca-bundle.pem and .. ls -ld /dir shows drwxrwsrwx ec2-user apache date /dir How would I find out if mysqli_ssl_set is able to read the pem file and importing the certificates? Commented Jan 15, 2020 at 16:26
  • Then file_exists("/dir/rds-combined-ca-bundle.pem"); And it gave '1' Commented Jan 15, 2020 at 17:04
Related questions
5
How to connect to an Amazon MySQL RDS instance via PHP over SSL
1
PHP to MySQL Amazon RDS with SSL, confirm SSL
0
Having difficulties connecting to Amazon RDS MySql server with PHP
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.