2

My Amazon RDS MySQL database is configured to be accessed via SSL.

Using the public key stored at https://rds.amazonaws.com/doc/mysql-ssl-ca-cert.pem and PHP, I can successfully connect from my dev machine to MySQL. Using the same .PEM file I can also use MySQL Workbench to connect successfully.

Now I am trying to do the same from .NET. The certificates in the PEM format are not supported on Windows. I've tried to follow several resources on the Internet to generate a PFX file with OpenSSL but without luck.

I also tried to use this SSL converter to export to the PFX format. The online tool asks for a private key which I do not have. I do not understand why a private key is needed as long as PHP safely connects via SSL without requiring any extra key.

So my question is: what are the correct steps to convert Amazon's certificate to a PKCS#12/PFX Format usable from .NET?

Thank you.

1 Answer

6
+100

I think (and this post backs it up) that you should not need to specify the public key with Connector/NET to require SSL. This should work:

"Server=SERVER;Database=test;Uid=UID;Pwd=PASSWORD;SSL Mode=Required;" 

Specifying the public key is only needed to ensure that the server you are making the SSL connection to is the one with the corresponding private key. Otherwise, with none specified, it will carry out a standard SSL handshake with whatever certificate the server in your connection string presents.

So you still get an encrypted connection, but you do not additionally verify that the server you are connecting to is one you previously installed the public key for.

If you still need to do this, you can try loading the pem file with BouncyCastle.


1 Comment

Just adding SSL Mode=Required fixed the problem! No other PFX file was required. If you think about it, yes, it makes sense, since the .NET Connector will use whatever certificate it finds on the server during the handshake to encrypt the connection. Amazon explicitly specifies that the SSL is used only for encryption and not authentication. I was really misled by the SSL tutorial on the MySQL .NET Connector - dev.mysql.com/doc/connector-net/en/…. Thanks!
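The conversion the question asks about, as an added example that is not part of the original question, answer or comment: a CA file holds only public certificates, so OpenSSL can write a certificate-only PKCS#12 with `-nokeys` and no private key is involved. The function names, the throwaway CA generated as sample input and the password `changeit` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): PEM CA file -> certificate-only PFX.

# make_sample_ca <out.pem> <out.key>: constructed throwaway CA standing in
# for the downloaded CA file, so the example runs offline.
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Example CA" \
        -keyout "$2" -out "$1" 2>/dev/null
}

# pem_to_pfx <ca.pem> <out.pfx> <password>
pem_to_pfx() {
    # A trust anchor is public material only; refuse a file that carries a key.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo "refusing: $1 contains a private key" >&2
        return 1
    fi
    # -nokeys tells -export not to look for a private key at all.
    openssl pkcs12 -export -nokeys -in "$1" -out "$2" -passout "pass:$3"
}

# count_in_pfx <file.pfx> <password> certs|keys: prints how many are inside.
count_in_pfx() {
    case $3 in
        certs) openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
                   grep -c -e 'BEGIN CERTIFICATE' || true ;;
        keys)  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
                   grep -c -e 'BEGIN .*PRIVATE KEY' || true ;;
    esac
}

# Demo on the constructed CA: the resulting PFX holds one certificate, no key.
work=$(mktemp -d)
make_sample_ca "$work/ca.pem" "$work/ca.key"
pem_to_pfx "$work/ca.pem" "$work/ca.pfx" changeit
echo "certificates: $(count_in_pfx "$work/ca.pfx" changeit certs)"
echo "private keys: $(count_in_pfx "$work/ca.pfx" changeit keys)"
rm -rf "$work"
```

For the real file, the call would be `pem_to_pfx mysql-ssl-ca-cert.pem rds-ca.pfx <password>` with a password of your choosing.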
