malakiahs Posted March 8, 2012

I need to connect PHP and MySQL; however, each resides on a different server, and because of this I want to encrypt the data transmitted. I created and signed my own certificates using openssl, to connect both the server and the client with the key. I'm requiring the MySQL user to use "require issuer" instead of "require ssl", by using the following command:

    grant all privileges on table.* to 'user'@'iphere' identified by 'mysupersecretpass' require issuer 'details here';

To do this in PHP I'm using this function:

    mysqli_ssl_set ( mysqli $link , string $key , string $cert , string $ca , string $capath , string $cipher )

I have set the following specifications:

    mysqli_ssl_set ( mysqli $link , "path to client-key", "path to client-cert" , "path to ca" , NULL , NULL)

This works, the connection is encrypted. The problem is that I'm not sure if it is properly encrypted. I'm thinking this because it doesn't appear to take the "path to ca": I can put anything in that field, such as a random string, NULL, or any number, and the database server (MySQL) still takes it. Even like that, the connection still shows as encrypted.

Can anyone help or give advice on why this is happening? Any help is greatly appreciated.

Muddy_Funster Posted March 8, 2012

I don't have much experience with this, but I am certain that as it is a self certification you don't need the ca="" string anyway. ca is for linking to the certification authority that provided an authored certificate on your behalf after you spent some money and they tested your connection info to make sure you were legit. In this event the certificate includes some code that looks up a remote file on the CA's systems that verifies that the certificate is for the domain that is issuing it and that it is valid. As you are self certified, there is nothing in the certificate that will point to a CA server.

In its simplest form, using self certification you are really just encrypting the data using a PSK which is known to both the client and the server. As long as the keys and protocols match you should be fine.

malakiahs (Author) Posted March 8, 2012

Thank you for your prompt response. I think I understand what you are saying. Since I self-signed the certificate, the CA is not needed. So it would make sense that anything can be placed instead of the path for the CA, because it is actually never looked for when making the connection.

Thank you so much, I'm in your debt. You have given me peace of mind with this.

Muddy_Funster Posted March 8, 2012

no problem

malakiahs (Author) Posted March 8, 2012

> no problem

Am I using the mysqli_ssl_set correctly by supplying it the client-key and client-cert instead of the server-key and server-cert?

I'm currently using

    mysqli_ssl_set ( mysqli $link , "path to client-key", "path to client-cert" , "path to ca" , NULL , NULL)

or should I be using

    mysqli_ssl_set ( mysqli $link , "path to server-key", "path to server-cert" , "path to ca" , NULL , NULL)

The PHP manual page's example of mysqli_ssl_set uses the server path; is there a reason to do this?
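
As an added example (not code from any poster in this thread): a client-side connection that passes the client key and certificate plus the CA file to mysqli_ssl_set, asks the library to verify the server certificate, and then confirms encryption by reading the Ssl_cipher session status. The host, credentials and file paths are placeholders, and how strictly the CA file is enforced is assumed to depend on the PHP version and MySQL client library in use.

```php
<?php
// Added example: host, user, database and all file paths are placeholders.
mysqli_report(MYSQLI_REPORT_OFF); // errors are checked explicitly below

function connect_verified(string $host, string $user, string $pass, string $db): mysqli
{
    $link = mysqli_init();
    if ($link === false) {
        throw new RuntimeException('mysqli_init failed');
    }

    // The PHP side is the TLS client: it presents the CLIENT key and
    // certificate (this is what REQUIRE ISSUER checks on the server) and
    // uses the CA file to check the certificate the server presents.
    mysqli_ssl_set(
        $link,
        '/path/to/client-key.pem',
        '/path/to/client-cert.pem',
        '/path/to/ca-cert.pem',
        null,
        null
    );

    // Ask the client library to verify the server certificate.
    // Assumption: enforcement depends on PHP version and client library.
    mysqli_options($link, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);

    if (!mysqli_real_connect($link, $host, $user, $pass, $db, 3306, null, MYSQLI_CLIENT_SSL)) {
        throw new RuntimeException('TLS connect failed: ' . mysqli_connect_error());
    }

    // Ssl_cipher is empty when the session is not encrypted.
    $res = mysqli_query($link, "SHOW SESSION STATUS LIKE 'Ssl_cipher'");
    $row = $res ? mysqli_fetch_assoc($res) : null;
    if (empty($row['Value'])) {
        mysqli_close($link);
        throw new RuntimeException('Connection is not encrypted');
    }

    return $link;
}
```

To test that the CA file is really being used, point the third argument at a CA certificate that did not sign the server certificate; a verifying client should then refuse to connect.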