I need to connect PHP and MySQL; however, each resides on a different server. Because of this, I want to encrypt the data transmitted.

I created and signed my own certificates using openssl, to connect both the server and the client with the key.

 

I'm requiring the MySQL user to use "require issuer" instead of "require ssl", by using the following command:

 

grant all privileges on table.* to 'user'@'iphere' identified by 'mysupersecretpass' require issuer 'details here';

 

To do this in PHP, I'm using this function:

mysqli_ssl_set ( mysqli $link , string $key , string $cert , string $ca , string $capath , string $cipher )

 

I have set the following specifications:

 

mysqli_ssl_set ( mysqli $link , "path to client-key", "path to client-cert" , "path to ca" , NULL , NULL)

 

This works; the connection is encrypted. The problem is that I'm not sure if it is properly encrypted.

I'm thinking this because it doesn't appear to take the "path to ca". I can put anything in that field, such as a random string, NULL, or any number, and the database server (MySQL) still takes it. Even like that, the connection still shows as encrypted.

Can anyone help or give advice on why this is happening? Any help is greatly appreciated.

 

 


I don't have much experience with this, but I am certain that as it is a self certification you don't need the ca="" string anyway. ca is for linking to the certification authority that provided an authored certificate on your behalf after you spent some money and they tested your connection info to make sure you were legit. In this event, the certificate includes some code that looks up a remote file on the CA's systems that verifies that the certificate is for the domain that is issuing it and that it is valid. As you are self certified, there is nothing in the certificate that will point to a CA server.

In its simplest form, using self certification, you are really just encrypting the data using a PSK which is known to both the client and the server. As long as the keys and protocols match, you should be fine.

Thank you for your prompt response.

 

I think I understand what you are saying.  Since I self-signed the certificate, the CA is not needed.  So it would make sense that anything can be placed instead of the path for the CA because it is actually never looked for when making the connection.

 

Thank you so much, I'm in debt to you. You have given me peace of mind with this.

no problem

 

Am I using mysqli_ssl_set correctly by supplying it the client-key and client-cert instead of the server-key and server-cert?

I'm currently using

 

mysqli_ssl_set ( mysqli $link , "path to client-key", "path to client-cert" , "path to ca" , NULL , NULL)

 

or should I be using

 

mysqli_ssl_set ( mysqli $link , "path to server-key", "path to server-cert" , "path to ca" , NULL , NULL)

 

 

The PHP man page's example of mysqli_ssl_set uses the server path; is there a reason to do this?
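
Added example, not part of any post in this thread: a PHP check for the behaviour discussed above, namely whether the CA argument of mysqli_ssl_set is actually used to validate the server's certificate. The host, credentials, file paths and the helper name try_tls_connect are placeholders, and the outcome depends on the PHP version and client library in use.

```php
<?php
// Added example. Host, credentials and all file paths are placeholders.
mysqli_report(MYSQLI_REPORT_OFF); // failures return false instead of throwing

// Hypothetical helper: one TLS connection attempt with a given CA file.
function try_tls_connect(array $cfg, string $caFile): array
{
    $link = mysqli_init();
    // key + cert: the client's identity, which the server checks (REQUIRE ISSUER).
    // ca: what the client trusts when validating the server's certificate.
    mysqli_ssl_set($link, $cfg['key'], $cfg['cert'], $caFile, null, null);
    // Request server certificate verification; whether the client library
    // honours this depends on the PHP version and driver (assumption).
    mysqli_options($link, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, 1);

    $ok = @mysqli_real_connect($link, $cfg['host'], $cfg['user'], $cfg['pass'],
                               null, 3306, null, MYSQLI_CLIENT_SSL);
    if (!$ok) {
        return ['connected' => false, 'cipher' => null, 'error' => mysqli_connect_error()];
    }
    // A non-empty Ssl_cipher means the session is encrypted; it says nothing
    // about whether the server's certificate was validated.
    $res = mysqli_query($link, "SHOW SESSION STATUS LIKE 'Ssl_cipher'");
    $row = $res ? mysqli_fetch_row($res) : null;
    mysqli_close($link);
    return ['connected' => true, 'cipher' => $row[1] ?? '', 'error' => null];
}

$cfg = [
    'host' => 'db.example.internal',      // placeholder
    'user' => 'user',                      // placeholder
    'pass' => 'change-me',                 // placeholder
    'key'  => '/path/to/client-key.pem',   // placeholder
    'cert' => '/path/to/client-cert.pem',  // placeholder
];
$good  = try_tls_connect($cfg, '/path/to/ca-cert.pem');      // CA that signed the server cert
$wrong = try_tls_connect($cfg, '/path/to/unrelated-ca.pem'); // valid PEM from a different CA

foreach (['signing CA' => $good, 'unrelated CA' => $wrong] as $label => $r) {
    printf("%-13s connected=%s cipher=%s error=%s\n", $label,
        var_export($r['connected'], true), $r['cipher'] ?? '-', $r['error'] ?? '-');
}
if ($good['connected'] && $wrong['connected']) {
    echo "Encrypted, but the server certificate was not verified against the supplied CA.\n";
} elseif ($good['connected']) {
    echo "Rejected with the unrelated CA: the CA file is being used for verification.\n";
}
```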
