Jump to content

Connecting from php app to ssl mysql

TheRebellion

By TheRebellion
in MySQL Help

 Share

Recommended Posts

TheRebellion Newbie

TheRebellion

Posted
Posted

I am attempting to create a connection to my database that I have set up with SSL. It is saying "Cannot make a connection to the database" 

The error in the apache log is as follows: 

[Sun Aug 03 02:27:59.418655 2025] [php:notice] [pid 176919] [client 71.244.230.195:62660] Database Connection Failed: SQLSTATE[HY000] [2006] MySQL server has gone away

The error in mysql log is as follws: 

2025-08-03  2:27:59 8 [Warning] Aborted connection 8 to db: 'unconnected' user: 'unauthenticated' host: 'web2.dataguy2020.com' (This connection closed normally without authentication)

I have created a .env file that has information as follows: 

APP
APP_NAME=MyApp
APP_ENV=dev
COMMUNITY_NAME="Community Name"
CONTACT_EMAIL="[email protected]"
CONTACT_PHONE="555-555-5555"

#Database
DB_HOST="domain.to.sqlhost.com"
DB_PORT=3306
DB_NAME="databseName"
DB_USER="username"
DB_PASS="password"

#Database Connection Certs
DB_CA="/path/to/cacert.pem"
DB_CERT="/path/to/cert.pem"
DB_CERT_KEY="/path/to/key.pem"

My classes/Database class is as follows: 

<?php
require __DIR__ . "/../vendor/autoload.php";
use Dotenv\Dotenv;
class Database {
    private PDO $pdo;
    public function __construct() {
        $parentDirectory = dirname(__DIR__);
        $dotenv = Dotenv::createImmutable($parentDirectory, '.env');
        $dotenv->load();

//      echo "<pre>"; // Use <pre> for formatted output in a browser
//foreach ($_ENV as $key => $value) {
//    echo "$key = $value\n";
//}
//echo "</pre>";


        $dbHost = $_ENV['DB_HOST'];
        $dbName = $_ENV['DB_NAME'];
        $dbUser = $_ENV['DB_USER'];
        $dbPass = $_ENV['DB_PASS'];
        $dbca = $_ENV['DB_CA'];
        $dbcert = $_ENV['DB_CERT'];
        $dbkey = $_ENV['DB_CERT_KEY'];
        $dsn = "mysql:host=$dbHost;dbname=$dbName;charset=utf8mb4";

        $options = [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
//            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            PDO::ATTR_EMULATE_PREPARES   => false,

            // SSL/TLS options
            PDO::MYSQL_ATTR_SSL_CA       => $dbca, // Path to CA certificate
            PDO::MYSQL_ATTR_SSL_CERT     => $dbcert, // Path to client certificate (if required)
            PDO::MYSQL_ATTR_SSL_KEY      => $dbkey, // Path to client key (if required)
            PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false // Verify server's SSL certificate
        ];

        try {
            $this->pdo = new PDO($dsn, $dbUser, $dbPass, $options);
            //$this->pdo = new PDO($dsn, $this->username, $this->password, $options);
            $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $this->pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
        }
        catch(PDOException $e) {
            //Handle connection errors
            error_log("Database Connection Failed: " . $e->getMessage());
            die("Could not connect to the database.");
        } //end of catch

    } //end of function
    public function getConnection():
    PDO {
        return $this->pdo;
    }
} //end of class

At the bottom of my index.php I have the following as I am using this as a test 

<?php
    include_once ('classes/Database.php');
    $db = new Database();
    $pdo = $db->getConnection();
    if ($pdo) {
        echo "Database Connection was successful";
    } else {
        echo "Database Connection has failed";
    }
?>

What shows up in the browser is "Database Connection has failed"

In /etc/mysql/mariadb.conf.d I have configured both the server the client. They are both using the same certificates as they are connection from the same server for now. I am looking at expanding the number of database hosts. 

The 50-client.conf has the following information 

[client]
# Example of client certificate usage
ssl-cert = /path/to/cacert.pem
ssl-key  = /path/to/key.pem
ssl_cert = /path/to/cert.pem
ssl-cipher=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256
tls_version = TLSv1.2

The 50-server.conf contains the following information 

ssl_ca = /etc/mysql/ssl/chain.pem
ssl_cert = /etc/mysql/ssl/cert.pem
ssl_key = /etc/mysql/ssl/privkey.pem
require-secure-transport = on


#ssl_cipher="DHE-RSA-AES128-GCM-SHA256:AES128-SHA"
ssl_cipher="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"
tls_version = TLSv1.2,TLSv1.3

When I attempt to run the following error I get the following error:  

 mysql -h localhost -u #username --ssl-cert=/path/to/cert.pem --ssl-key=/path/to/key.pem --ssl-ca=/path/to/cacert.pem
ERROR 2026 (HY000): TLS/SSL error: tlsv1 alert unknown ca

 

Other key things to know is that I created these certs with certbot. I am not sure if that is what is the cause of these errors or not. I am doing the following

ssl_cert = cert.pem that is generated

ssl_ca = fullchain.pem that is generated

ssl_key = privkey.pem that is generated

Any assistance would be great!

 

Link to comment
https://forums.phpfreaks.com/topic/330085-connecting-from-php-app-to-ssl-mysql/
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.