如何通过 SSL 连接到 Amazon RDS? [英] How to connect to Amazon RDS via SSL?

查看:45
本文介绍了如何通过 SSL 连接到 Amazon RDS?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试与通过 Amazon RDS 托管的 MySQL 数据库建立 SSL 连接.我对如何连接感到困惑.

I'm trying to set up an SSL connection to a MySQL database hosted via Amazon RDS. I'm confused as to how to connect.

根据亚马逊的文档,我需要下载名为rds-ca-2015-root.pem"的 CA 证书并在我的 SSL 连接中使用它.我将要连接的数据库用户设置为需要 SSL.

According to Amazon's documentation, I need to download a CA certificate called "rds-ca-2015-root.pem" and use it in my SSL connection. I set the database user that I am connecting with to require SSL.

在 PHP 中,我包含以下代码来启动连接:

In PHP, I include the code below to initiate the connection:

$mysqli = mysqli_init();
mysqli_options($mysqli, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
$mysqli->ssl_set(NULL, NULL, "/path/to/pem", NULL, NULL);
$mysqli->real_connect("host", "username", "password", "name", 3306, NULL, MYSQLI_CLIENT_SSL);

但是,无论我在ssl_set()中指定哪个路径作为第三个参数(即使路径无效),SSL连接都成功建立.第三个参数不能设置为NULL.

我通过运行以下查询来验证这一点:SHOW STATUS LIKE 'Ssl_cipher';.输出验证连接是否已加密(Ssl_cipher => AES256-SHA).

I verify this by running this query: SHOW STATUS LIKE 'Ssl_cipher';. The output verifies that the connection is encrypted (Ssl_cipher => AES256-SHA).

有人可以向我解释这是如何工作的吗?我很困惑,当路径不正确时,连接为什么会继续成功工作.RDS服务器是如何验证的?

Could someone please explain to me how this works? I am confused as to why the connection continues to work successfully when the path is incorrect. How is the RDS server being verified?

推荐答案

尽我所知 - 如果您要求或需要与 RDS MySQL 的 SSL 连接,您将获得一个 - 无论证书的本地副本是否为有效或可读.

As best I can tell - if you ask for or require an SSL connection to RDS MySQL you will get one - regardless of whether the local copy of the certificate is valid or readable.

我在 Drupal 中使用以下配置,无论我在证书路径中的位置或内容,我都会获得 SSL 连接:

I am using the following config in Drupal and regardless of where or what I put in the cert path I get an SSL connection:

$databases['default']['default'] = [
  'database' => 'drupal_db',
  'username' => 'db_user',
  'password' => 'db_password',
  'host' => 'hostname',
  'port' => '3306',
  'driver' => 'mysql',
  'prefix' => '',
  'pdo' => array(
      PDO::MYSQL_ATTR_SSL_CA => '/etc/ssl/certs/rds-combined-ca-bundle.pem',
      PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
  ),  
];

但是,如果我将 MYSQL_ATTR_SSL_VERIFY_SERVER_CERT 值设置为false"我收到连接错误并且 Drupal 失败.到目前为止,我还没有找到任何解释为什么这不会验证证书和/或如何使其成功验证!

However, if I set the MYSQL_ATTR_SSL_VERIFY_SERVER_CERT value to "false" I get a connection error and Drupal fails. So far I have not been able to find any explanation of why this won't validate the certificate an/or how to make it successfully do so!

这篇关于如何通过 SSL 连接到 Amazon RDS?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆