5

I have an EC2 instance running a WordPress site. The WordPress db is on a RDS instance. I want to connect to the db over SSL.

From what I've read, the MySQL extension that WordPress uses out of the box doesn't support SSL. So, I've installed a WordPress db script that uses MySQLi, which does support SSL.

The problem I encountered is that Amazon only supplies one key file (more info), and all the examples I can find using MySQLi over SSL include at least 3 files:

$db = mysqli_init();
$db->ssl_set('server-key.pem','server-cert.pem','cacert.pem',NULL,NULL);

I'm able to connect to my db over SSL from the mysql command line app. Can anyone tell me what I need to do to get PHP's MySQLi extension to work, given that I only have the 1 file?

Improve this question
4
  • What happens if you skip those parameters? Commented Jan 14, 2011 at 21:01
  • Just a note, Amazon docs state that within the same Region traffic does never leave Amazon's network. So this includes traffic between all Availability Zones within one particular Region. Commented Apr 10, 2012 at 12:39
  • Also, what was the name/link of the "WordPress db script that uses MySQLi"? Thanks! Commented Apr 10, 2012 at 12:41
  • It's been a while but I believe I followed these instructions to modify wp-db.php: wordpress.org/support/topic/mysqli Commented Apr 10, 2012 at 20:58

2 Answers 2

Reset to default
5

Turns out this was less complicated than I thought. Turning up the error reporting level uncovered an error in my code that I hadn't caught. Using ssl_set this way works:

$db = mysqli_init();
$db->ssl_set(NULL,NULL,'/path/to/mysql-ssl-ca-cert.pem',NULL,NULL);
$db->real_connect($dbhost,$dbuser,$dbpassword,$dbname);
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

doesnt EC2 already come with this mysql-ssl-ca-cert.pem file preinstalled or do you need to manually download and install it?
1

Try this:

$db = mysqli_init();
$db->ssl_set(null, 'https://rds.amazonaws.com/doc/mysql-ssl-ca-cert.pem', null, null, null);
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.