6

I set my database to require SSL. I've confirmed I can connect to the db via the command line by passing the public key [and have confirmed I can't connect if I do not pass the public key].

I get the same error in my Django app as when I do not pass a key. It seems I've not set up my settings.py correctly to pass the path to the public key.

What's wrong with my settings? I'm using python-mysqldb.

DATABASES['default'] = {
    'ENGINE': 'django.db.backends.mysql',
    'HOST': 'my-host-goes-here',
    'USER': 'my-user-goes-here',
    'NAME': 'my-db-name-goes-here',
    'PASSWORD': 'my-db-pass-goes-here',
    'OPTIONS': {
        'SSL': '/path/to/cert.pem',
    }
}
2
  • Have you been able to connect using bare MySQLdb? Commented Jul 4, 2010 at 3:46
  • Yes, I can connect following these instructions: riskable.com/?p=271 but I can't seem to find the equivalent of how to express ssl_settings in Django's database options. Commented Jul 4, 2010 at 14:31

2 Answers

8

Found the answer. OPTIONS should look like this:

'OPTIONS': {'ssl': {'ca':'/path/to/cert.pem',},},

Make sure you keep the commas, parsing seemed to fail otherwise?

1

The mysql client must be provided with three keys:

  • CA cert
  • client cert
  • client key

See the MySQL documentation for the instructions for creating these keys and setting up the server: http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html

NOTE: There is an open issue that seems to be related to using OpenSSL v1.0.1 to create the certificates for MySQL 5.5.x (http://bugs.mysql.com/bug.php?id=64870)

This is an example entry for the Django settings file:

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': '<DATABASE NAME>',
        'USER': '<USER NAME>',
        'PASSWORD': '<PASSWORD>',
        'HOST': '<HOST>',
        'PORT': '3306',
        'OPTIONS': {
            # Lowercase 'ssl' key holding a dict of certificate paths
            'ssl': {
                'ca': '<PATH TO CA CERT>',
                'cert': '<PATH TO CLIENT CERT>',
                'key': '<PATH TO CLIENT KEY>',
            },
        },
    },
}
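
As an added example (not part of either answer, and not Django's own code), the following Python lints a DATABASES entry for the option shape the answers arrive at and checks, through any DB-API cursor, whether the session actually negotiated a cipher. The helper names `lint_mysql_ssl` and `connection_is_encrypted` and the sample paths are assumptions made for illustration.

```python
# Added example: lint a Django MySQL DATABASES entry for the TLS option shape
# discussed in this thread. Helper names are hypothetical, not Django APIs.

def lint_mysql_ssl(db):
    """Return a list of problems with the TLS settings in db['OPTIONS']."""
    problems = []
    options = db.get('OPTIONS', {})
    # Keys are case-sensitive: the question used 'SSL' with a bare path.
    for key in options:
        if key != 'ssl' and key.lower() == 'ssl':
            problems.append("option key %r should be lowercase 'ssl'" % key)
    ssl = options.get('ssl')
    if ssl is None:
        problems.append("no 'ssl' option: TLS parameters are not passed")
        return problems
    if not isinstance(ssl, dict):
        problems.append("'ssl' must be a dict such as {'ca': path}, got %s"
                        % type(ssl).__name__)
        return problems
    if not ssl.get('ca'):
        problems.append("'ca' missing: server certificate cannot be verified")
    # A client certificate and its private key are only usable as a pair.
    if bool(ssl.get('cert')) != bool(ssl.get('key')):
        problems.append("'cert' and 'key' must be given together")
    return problems


def connection_is_encrypted(cursor):
    """True if the server reports a negotiated cipher for this session."""
    cursor.execute("SHOW STATUS LIKE 'Ssl_cipher'")
    row = cursor.fetchone()          # ('Ssl_cipher', '<cipher>' or '')
    return bool(row and row[1])


# Constructed sample settings mirroring the question and the two answers.
QUESTION = {'OPTIONS': {'SSL': '/path/to/cert.pem'}}
ANSWER_1 = {'OPTIONS': {'ssl': {'ca': '/path/to/cert.pem'}}}
ANSWER_2 = {'OPTIONS': {'ssl': {'ca': '/path/ca.pem',
                                'cert': '/path/client-cert.pem',
                                'key': '/path/client-key.pem'}}}

if __name__ == '__main__':
    for name, cfg in [('question', QUESTION), ('answer 1', ANSWER_1),
                      ('answer 2', ANSWER_2)]:
        print(name, lint_mysql_ssl(cfg) or 'ok')
```

In a Django shell, `connection_is_encrypted(django.db.connection.cursor())` runs the same status query against the configured database.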
