Using MySQL connector version 8.0.18, I am trying to connect to a database using SSL certificates.

I am unable to do so, because this code:

```csharp
MySqlConnectionStringBuilder builder = new MySqlConnectionStringBuilder();
builder.Server = "server";
builder.Port = 3307;
builder.Database = "databse";
builder.UserID = "user";
builder.Password = "************";
builder.SslMode = MySqlSslMode.Required;
builder.SslCa = "ca.pem";
builder.SslCert = "client-cert.pem";
builder.SslKey = "client-key.pem";
MySqlConnection conn = new MySqlConnection(builder.ToString());
conn.Open();
```

Throws the following exception:

MySql.Data.MySqlClient.MySqlException: 'Authentication to host 's-ce.srv.rxe.pl' for user 's-ce.client' using method 'mysql_native_password' failed with message: Access denied for user 'user'@'server' (using password: YES)'

I have put the files ca.pem, client-cert.pem and client-key.pem in the same directory as the app executable.

Using MySQL Workbench, I was able to connect to this database with the same parameters and PEM files from the same PC.

What gives?

UPDATE

As advised in the comments, I have converted the PEM files to a single PFX certificate with a password of choice. I was able to connect after updating the code (only the relevant changed lines):

```csharp
builder.SslMode = MySqlSslMode.Required;
builder.CertificateFile = "client-cert.pfx";
builder.CertificatePassword = "************";
MySqlConnection conn = new MySqlConnection(builder.ToString());
```
  • It is not dependent on SSL, since it says that it failed authentication. Commented Nov 25, 2019 at 8:36
  • You have logged in from MySQL Workbench; did you do that from the same server as your MySQL instance? Commented Nov 25, 2019 at 8:42
  • @Fourat Workbench and the .NET application were run from the same PC. The database server is on another PC. Commented Nov 25, 2019 at 8:47
  • @rob_tokarski Are you sure you have the right path to your SSL certificate? Have you added the certificate password to MySqlConnectionStringBuilder? Check this stackoverflow.com/questions/39031412/… Commented Nov 25, 2019 at 8:52
  • After converting the PEM files to PFX with a password of choice, it seems I was able to connect to the database (connection state is Open) in the application. The path was the same as for the PEM files (the filename was different, obviously), so it seems MySql connector doesn't really support pem? Commented Nov 25, 2019 at 9:09

1 Answer

Using PEM files for mutual authentication doesn't work with Connector/NET (MySql.Data); this is a known bug: bug 97738.

There are two workarounds:

  1. Convert the client certificate & key files to a PFX file using `openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -certfile ca.pem -out client.pfx`.
  2. Switch to https://www.nuget.org/packages/MySqlConnector/, which does correctly support PEM files (and fixes many other bugs).
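
The first workaround above, wrapped with the checks worth running before handing the bundle to Connector/NET, as an added example that is not part of the original answer. The helper names `pem_to_pfx` and `make_demo_pki`, the password file and the exit codes are assumptions; it expects an unencrypted client key and OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the original answer. Helper names, the password
# file and the exit codes are assumptions; file names follow the page.

# pem_to_pfx CERT KEY CA OUT PASSFILE
# Prints the number of certificates in the finished bundle.
pem_to_pfx() (
    cert=$1 key=$2 ca=$3 out=$4 passfile=$5
    # 1. The key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || exit 2
    key_pub=$(openssl pkey -in "$key" -pubout) || exit 2
    [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch" >&2; exit 3; }
    # 2. The client certificate must chain to the CA file being bundled.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "certificate not issued by $ca" >&2; exit 4; }
    # 3. Bundle. The umask keeps a newly created PFX owner-readable only,
    #    and the password is read from a file, not passed in argv.
    umask 077
    openssl pkcs12 -export -in "$cert" -inkey "$key" -certfile "$ca" \
        -out "$out" -passout "file:$passfile" || exit 5
    # 4. Read the bundle back to prove the password opens it.
    openssl pkcs12 -in "$out" -passin "file:$passfile" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE' || exit 6
)

# make_demo_pki DIR
# Constructed throwaway CA and client pair, only for trying the helper.
make_demo_pki() (
    cd "$1" || exit 1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' \
        'prompt=no' '[dn]' 'CN=Constructed Demo CA' \
        '[v3]' 'basicConstraints=critical,CA:TRUE' > ca.cnf
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca-key.pem \
        -out ca.pem -days 1 -config ca.cnf 2>/dev/null || exit 1
    openssl req -new -newkey rsa:2048 -nodes -keyout client-key.pem \
        -out client.csr -config ca.cnf -subj '/CN=demo-client' \
        2>/dev/null || exit 1
    openssl x509 -req -in client.csr -CA ca.pem -CAkey ca-key.pem \
        -CAcreateserial -out client-cert.pem -days 1 2>/dev/null || exit 1
)
```

The resulting file is what `builder.CertificateFile` points at, with the contents of the password file as `builder.CertificatePassword`. A non-zero status from step 1 or 2 means the PEM inputs themselves are inconsistent, which is worth ruling out before blaming the connector.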