
According to AWS RDS documentation, AWS RDS MySQL comes with an SSL certificate, and the public key is in a file called "rds-combined-ca-bundle.pem" downloadable from the AWS website.

I also saw documentation from MySQL that this is how you create an SSL client connection in C# (.NET):

using (MySqlConnection connection = new MySqlConnection("database=test;user=sslclient;CertificateFile=H:\\...\\client.pfx;CertificatePassword=pass;SSL Mode=Required"))
{
    connection.Open();
}

But how do I convert this "rds-combined-ca-bundle.pem" to this "client.pfx"?

1 Answer


The client certificate is not the same as the CA Bundle. The CA Bundle is used to verify that the remote server's certificate is trusted. You do this in Windows by adding the CA to the certificate store. That being said, when you specify SSL Mode=Required, the MySql Client ignores certificate validation, so there is no need to even use the CA PEM file.

If you do want the .Net MySql client to validate the certificate then you must set SSL Mode = VerifyCA or VerifyFull.

To import the PEM CA into the certificate store:

Open MMC, and go to the Certificates snap-in. Open Certificates (local computer), double-click the Trusted Root Certification Authorities node.
Right-click Certificates, select All Tasks -> Import...

Here is a post with more information on MySQL .Net SSL options
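The import and the verified connection described in the answer above, done in code; this is an added example, not part of the original answer. It goes slightly beyond the answer by placing any non-self-signed certificates from the bundle in the intermediate store rather than Trusted Root. Assumptions: the MySql.Data package, an elevated process, and a placeholder bundle path, host name and password.

```csharp
// Added example (not from the original post). Requires the MySql.Data NuGet package.
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;
using MySql.Data.MySqlClient;

class RdsVerifiedConnection
{
    // Split a PEM bundle into its individual certificates.
    static X509Certificate2Collection LoadPemBundle(string path)
    {
        var certs = new X509Certificate2Collection();
        var blocks = Regex.Matches(File.ReadAllText(path),
            "-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
            RegexOptions.Singleline);
        foreach (Match block in blocks)
        {
            // Convert.FromBase64String ignores the line breaks inside the block.
            certs.Add(new X509Certificate2(Convert.FromBase64String(block.Groups[1].Value)));
        }
        return certs;
    }

    static void Main()
    {
        // Assumed path: wherever the bundle downloaded from AWS was saved.
        foreach (X509Certificate2 ca in LoadPemBundle(@"C:\certs\rds-combined-ca-bundle.pem"))
        {
            // Self-signed certificates are roots; anything else is an intermediate.
            var name = ca.Subject == ca.Issuer ? StoreName.Root : StoreName.CertificateAuthority;
            // Writing to the LocalMachine store needs an elevated process.
            using (var store = new X509Store(name, StoreLocation.LocalMachine))
            {
                store.Open(OpenFlags.ReadWrite);
                store.Add(ca);
            }
        }

        // Placeholder host and password; VerifyCA makes the client validate the chain.
        var cs = "server=mydb.example.rds.amazonaws.com;database=test;user=sslclient;" +
                 "password=CHANGE_ME;SSL Mode=VerifyCA";
        using (var connection = new MySqlConnection(cs))
        {
            // Open() fails if the server certificate does not chain to a trusted CA.
            connection.Open();
        }
    }
}
```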
