Client Certificate and Key for Azure Database for MySQL
I want to use an SSL connection for my MySQL databases in Azure, but I can't find out how to get a Client Certificate and Key. Is there a way to get those?
I found this article, but this is for a Server Certificate and is not the solution I am looking for: https://learn.microsoft.com/en-us/azure/mysql/howto-configure-ssl
For example, in MySQL Workbench where can I get the files needed for these two items (see screenshot):
If you want the connection between your client and the server to be encrypted, the description in the link you posted is the way to go. It tells your MySQL client to trust the CA certificate which was used to sign the server certificate the MySQL server uses. If you'd connect to the MySQL server and capture the packages, you would see the TLS handshake taking place, I just did that with one of my MySQL instances on Azure:
The option to provide a TLS client key/cert file like you show in your screenshot would enable mutual authentication or simply put: Your server would be able to use a client certificate and key to authenticate the user (e.g. instead of a password). To enable that, you would have to store a CA certificate which was used for signing your client certificate on the MySQL server - this is not possible when using the hosted Azure MySQL instance. The closest you get is to see where on the server the CA certificate is stored but there is no way to upload your own CA or server certificate.
mysql> show variables like '%ssl%';
+----------------------+------------------+
| Variable_name | Value |
+----------------------+------------------+
| azure_ssl_early_init | OFF |
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | c:\work\ca.pem |
| ssl_capath | |
| ssl_cert | c:\work\cert.pem |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_key | c:\work\key.pem |
+----------------------+------------------+
If you want this, you have to host MySQL on your own, for example on a VM. Then you can follow for example this guide to create your own keys + certificates and this description to copy the CA certificate to the right place on your server.
- Why is my docker.compose file not creating my database?
- "Database logon failed" in Crystal Reports when using System DSN for MySQL Server
- Can I access the MySQL keypair in a plugin?
- MySQL - Update table values from another table
- Find patients admitted multiple times for the same primary diagnosis in SQL
- Connecting a Dockerized Spring Boot app to a local MySQL Database
- MySql: unknown column id in 'field list'
- Is there a simple tool to convert mysql to postgresql syntax?
- Why UNION and UNION ALL don't work in my code?
- laravel eloquent ->whereHas - write your own exists( subquery )
- MySQL server does not start with MAMP
- Forward Engineer not creating tables from Model in MySQL Workbench
- How can I make SQL case sensitive string comparison on MySQL?
- MySQL - problem with comparing strings constants containing national characters
- How to fix "java.sql.SQLException: Can't call commit when autocommit=true"
- Balance calculation problem with Foreign Exchange in Mysql
- Database Backup From Laravel Application
- Joining tables with multiple results as new columns?
- how to calculate average price of each item in inventory php mysql
- #1045 - Access denied for user 'root'@'localhost' (using password: YES)
- How can I rebuild indexes and update stats in MySQL innoDB?
- In MySQL, how can I create a stored procedure to create the database itself and then call this procedure from Java using JDBC?
- InnoDB: Unable to lock ./ibdata1 error: 35
- MySQL Order subquery by the order that fields from another table come in
- UPDATE/INSERT when modifying RDBMSs using drill
- Searching within nested JSON entries in MYSQL
- Selecting empty mysql datetime fields
- SQL Query: order by length of characters?
- how do i add database name with hyphen character using script in ubuntu
- Laravel 11 forces creation of tables you don't want and crashes the app