0

Let's say I have a client that gives me db credentials, and they want to connect to the db with a secure/encrypted connection. They also enabled SSL in their MySQL setup. When they give me their db creds, I don't want to ask them for keys and certs. So is it possible to have an encrypted secure connection via SSL when connecting to the client's db without those items?

Update: so after further tinkering around

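    $db = mysqli_init();
    // Only the CA file is set; no client key or client certificate is supplied.
    $db->ssl_set(NULL, NULL, '/path_to_self_signed_cert/ca.pem', NULL, '');
    $db->real_connect('hostname', 'username', 'password', 'dbname',
        'port', 'socket', MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);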

Doing this got me the outcome I wanted. After running this

$db->query("SHOW STATUS LIKE 'Ssl_cipher';");

it displayed the cipher algorithm instead of being blank

  (
   [0] => Ssl_cipher
   [Variable_name] => Ssl_cipher
   [1] => DHE-RSA-AES128-SHA
   [Value] => DHE-RSA-AES128-SHA
  )

But I don't really know why this worked. Is a self-signed cert the proper way of doing this?

7
  • 3
    Can you clarify a little bit? If the db has been setup correctly already, the SSL certs should be valid and establishing a secure connection should be as simple as using the db credentials they provided you with. They shouldn't have to give you any additional keys or certs. Commented Aug 3, 2018 at 18:26
  • @rickjerrity I was thinking you needed some kind of certificates or keys to establish a secure encrypted connection between client and server. Is there PHP code to verify that the connection is encrypted, for sanity's sake? Commented Aug 3, 2018 at 18:44
  • I have posted an answer to your question. Feel free to edit your original question or comment here/the answer if you need further clarification on things. Commented Aug 3, 2018 at 18:52
  • You don't need keys, but you do need php to be compiled with OpenSSL so php can make the handshake. Commented Aug 3, 2018 at 19:02
  • 1
    @rickjerrity I left a reply to your answer below Commented Aug 3, 2018 at 20:13

2 Answers

1

@rickjerrity I connect to my remote db via the command line and check the status by running \s, and it says SSL: Cipher in use is DHE-RSA-AES256-SHA. But when I connect to the same database using PHP and the same credentials, it says the cipher is empty. Here is the code I used to connect to the remote db:

    $db = mysqli_init();
    $db->real_connect('hostname','username','password','dbname');
    $res = $db->query("SHOW STATUS LIKE 'Ssl_cipher';");
    while ( $row = $res->fetch_array() ) {
        print_r($row);
    }
    $db->close();

and the response is

[0] => Ssl_cipher
[Variable_name] => Ssl_cipher
[1] => 
[Value] =>

0

No client-side certificate or key should be needed for a secure db connection, besides the db credentials. PHP should verify SSL cert integrity upon connection. Any other PHP methods capable of verifying the connection's encryption status would be for sanity's sake, like you mentioned. If you show some specific code examples we may be able to assist further.

1 Comment

As mentioned by Anthony in a comment above, this might be a PHP configuration issue. According to Anthony, PHP must have been compiled with OpenSSL in order for it to actually establish a TLS connection. Double check that you are able to establish any TLS connections with any valid websites using PHP.
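
A fail-closed version of the connect-then-check-`Ssl_cipher` pattern discussed in this thread, written as an added example that is not part of any post above. The helper names `connect_tls` and `session_cipher`, the host `db.example.com` and the CA path are assumptions chosen for illustration.

```php
<?php
// Added example (not from the thread). Host, credentials and CA path are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli failures throw

// Hypothetical helper: TLS cipher negotiated for this session ('' means plaintext).
function session_cipher(mysqli $link): string
{
    $row = $link->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch_assoc();
    return (string) ($row['Value'] ?? '');
}

// Hypothetical helper: connect over TLS and never hand back a plaintext connection.
// $caFile is the CA certificate used to check the server's certificate;
// null means "encrypt only", which is what the question's update ended up doing.
function connect_tls(string $host, string $user, string $pass, string $db,
                     int $port = 3306, ?string $caFile = null): mysqli
{
    $link  = mysqli_init();
    $flags = MYSQLI_CLIENT_SSL;                  // request TLS during the handshake
    if ($caFile !== null) {
        // No client key or certificate: only the CA that signed the server cert.
        $link->ssl_set(null, null, $caFile, null, null);
    } else {
        // Traffic is encrypted, but the server certificate is not validated,
        // so the client has no proof of which server it is talking to.
        $flags |= MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;
    }
    $link->real_connect($host, $user, $pass, $db, $port, null, $flags);

    if (session_cipher($link) === '') {          // fail closed on a plaintext session
        $link->close();
        throw new RuntimeException('Server accepted the login without TLS');
    }
    return $link;
}

try {
    $db = connect_tls('db.example.com', 'username', 'password', 'dbname',
                      3306, '/path/to/ca.pem');
    echo 'Encrypted with ', session_cipher($db), PHP_EOL;
    $db->close();
} catch (RuntimeException $e) {                  // also covers mysqli_sql_exception
    echo 'Refusing to continue: ', $e->getMessage(), PHP_EOL;
}
```

Passing `null` as the last argument of `connect_tls` reproduces the unverified mode from the question's update, which is only appropriate when the network path to the server is already trusted.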
