使用CA文件从Azure数据库中获取MySQL的SSL连接 [英] SSL Connections from Azure Database for MySQL using CA file
问题描述
紧随其新MySQL服务的 Azure文档,您似乎可以使用其受信任的CA Cert轻松设置SSL.
Following along with the Azure Documentation for their New MySQL service, it appears that you can setup SSL pretty simply with their Trusted CA Cert.
按照他们的步骤并根据他们的文档设置我的PHP连接字符串后,出现以下错误:
After following their steps and setting up my PHP connection string according to their docs, I get the following error:
Peer certificate CN=`AZUREREGION.control.database.windows.net' did not match expected CN=`MYDATABASE.mysql.database.azure.com' in testazure.php
Peer certificate CN=`AZUREREGION.control.database.windows.net' did not match expected CN=`MYDATABASE.mysql.database.azure.com' in testazure.php
我可以通过将连接字符串的主机名从MYDATABASE.mysql.database.azure.com更改为AZUREREGION.control.database.windows.net来解决"该问题,但是我觉得这可能不是我应该要做的.有经验的人对MySQL的Azure数据库或PHP的SSL连接有任何了解的任何指导都将是有帮助的!
I was able to "work around" the issue by changing my connection string's hostname from MYDATABASE.mysql.database.azure.com to AZUREREGION.control.database.windows.net but I feel like that's probably not what I should be doing. Any guidance from people more knowledgeable about either Azure Database for MySQL or PHP's SSL connections would be helpful!
-----更新-----
----- UPDATE -----
我以前在下面接受了杰森的回答.他的回答是不够的.如果您做得不正确,那么当MSFT决定更改数据库的基础DNS解析时,您最终将遇到停机.
I had previously accepted Jason's response below. His answer is NOT adequate. If you do as I mistakenly did above you WILL eventually experience an outage when MSFT decides to change the underlying DNS resolution for your database.
由于这个答案,我今天终于断电了.我认为 您可能需要更彻底地回答我的问题.正如我在 我的问题是,我感觉通过更改主机"路径有些不对劲 到该地区.大约20分钟前,您的内部DNS服务已更改 "MYDATABASE.mysql.database.azure.com"的基础区域记录 到"cr2.MYREGION.control.database.windows.net",而不是 没有任何警告的"MYREGION.control.database.windows.net".因此, 我要删除接受的答案.
I ended up suffering an outage today because of this answer. I think you may need to answer my question more thoroughly. As I mentioned in my question, I felt like something was off by changing the "host" path to the region. About 20 minutes ago, your internal DNS service changed the underlying region record for "MYDATABASE.mysql.database.azure.com" to "cr2.MYREGION.control.database.windows.net" instead of "MYREGION.control.database.windows.net" without any warning. As such, I'm removing the accepted answer.
推荐答案
您的解决方法实际上是正确的.在启动服务时,我们更改了服务的DNS以更准确地反映您的服务器,但是我们需要适当地更新文档.
Your work-around is actually correct. As we were launching the service, we changed the DNS of the service to more accurately reflect your server, however we need to update the documentation as appropriate.
感谢报告-我们将更新文档!
Thanks for reporting - we'll get the docs updated!
杰森 MySQL团队的Azure DB
Jason Azure DB for MySQL team
这篇关于使用CA文件从Azure数据库中获取MySQL的SSL连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
