如何访问从MySQL .NET连接器托管在亚马逊RDS使用SSL MySQL数据库 [英] How to access a MySQL database hosted on Amazon RDS with SSL from MySQL .NET Connector

问题描述

我的亚马逊RDS MySQL数据库被配置成通过SSL访问。

My Amazon RDS MySQL database is configured to be accessed via SSL.

使用存储在 HTTPS公钥：//rds.amazonaws。 COM / DOC / MySQL的-SSL-CA-cert.pem 和PHP，我可以成功地从我的开发机器连接到MySQL。使用相同的.PEM文件，我也可以使用MySQL Workbench的成功连接。

Using the public key stored at https://rds.amazonaws.com/doc/mysql-ssl-ca-cert.pem and PHP, I can successfully connect from my dev machine to MySQL. Using the same .PEM file I can also use MySQL Workbench to connect successfully.

现在我想从.NET这样做。不支持在Windows中的PEM格式的证书。我试图按照互联网上的很多资源，可以产生与OpenSSL的，但没有运气PFX文件。

Now I am trying to do the same from .NET. The certificates in the PEM format are not supported on Windows. I've tried to follow several resources on the Internet to generate a PFX file with Openssl but without luck.

我还试图用此SSL器出口到PFX格式。该在线工具要求，我没有一个私钥。我不明白为什么一个私钥只要PHP通过SSL安全连接，不需要任何额外的密钥所需。

I also tried to use this SSL converter to export to the PFX format. The online tool asks for a private key which I do not have. I do not understand why a private key is needed as long as PHP safely connects via SSL without requiring any extra key.

所以我的问题是：什么是亚马逊的证书转换为PKCS＃12 / PFX格式可以使用从.NET的正确步骤

So my question is: what are the correct steps to convert Amazon's certificate to a PKCS#12/PFX Format usable from .NET?

感谢你。

推荐答案

我想（的和这个职位它备份），你不应该需要指定与连接器/净要求SSL公钥。这应该工作：

I think (and this post backs it up) that you should not need to specify the public key with connector/net to require SSL. This should work:

"Server=SERVER;Database=test;Uid=UID;Pwd=PASSWORD;SSL Mode=Required;" 

指定公钥只需要确保服务器正在制作的SSL连接是具有相应的私钥。否则，没有指定，将开展与任何证书标准的SSL握手在连接字符串presents服务器。

Specifying the public key is only needed to ensure that the server you are making the SSL connection to is the one with the corresponding private key. Otherwise, with none specified, it will carry out a standard SSL handshake with whatever certificate the server in your connection string presents.

所以，你仍然可以得到一个加密的连接，但你没有增加验证服务器要连接到一个你previously安装的公用密钥。

So you still get an encrypted connection, but you do not additionally verify that the server you are connecting to is one you previously installed the public key for.

如果你仍然需要做到这一点，你可以尝试用装在BouncyCastle的PEM文件。

If you still need to do this, you can try loading the pem file with BouncyCastle.

这篇关于如何访问从MySQL .NET连接器托管在亚马逊RDS使用SSL MySQL数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！