Question

SSL Client key & certificate for managed MySQL database

Various tutorials state 3 files are needed to connect a MySQL client over SSL:

  • CA certificate
  • Client certificate
  • Client key

(for example in: https://www.digitalocean.com/community/tutorials/how-to-configure-ssl-tls-for-mysql-on-ubuntu-18-04)

In the overview of my DigitalOcean managed database I’m able to download the CA certificate. Do I need the other two files as well?

My problem: on my Mac I’m able to connect over SSL using Table Plus. However, on Windows I always get an SSL invalid error (in both Table Plus and MySQL Workbench).

What can I do to connect on Windows? Thanks!


I solved it. Here is what I did in Go 1.16:

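```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"database/sql"
	"io/ioutil"
	"log"

	"github.com/go-sql-driver/mysql"
)

// connect wraps the original statements in a function so that the
// "return nil, err" below compiles.
func connect() (*sql.DB, error) {
	// Read the CA certificate downloaded from the database overview page.
	certBytes, err := ioutil.ReadFile("ca-certificate.crt")
	if err != nil {
		log.Fatal("unable to read in the cert file", err)
	}

	// AppendCertsFromPEM reports failure as a bool, so there is no error value to log.
	caCertPool := x509.NewCertPool()
	if ok := caCertPool.AppendCertsFromPEM(certBytes); !ok {
		log.Fatal("failed-to-parse-sql-ca")
	}

	tlsConfig := &tls.Config{
		RootCAs: caCertPool,
	}

	// Register the TLS config under the name "custom".
	if err := mysql.RegisterTLSConfig("custom", tlsConfig); err != nil {
		panic(err)
	}

	// The tls= parameter must use the same name that was registered above.
	db, err := sql.Open("mysql", "username:password@tcp(host:port)/name?tls=custom&timeout=10s")
	if err != nil {
		return nil, err
	}
	return db, nil
}
```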

The reason I could not connect is that I set the wrong name inside mysql.RegisterTLS and the tls=… inside the connection string. It should be the SAME!
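What a `RootCAs`-only configuration like the one in the answer above verifies, shown as an added example that is not part of the original answers: the server's certificate has to chain to the CA file and match the host name being dialled. It uses only the Go standard library; the certificates, the host names and the helper names `issue` and `checkServer` are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue builds constructed sample data: a self-signed CA if parent is nil, else a server cert for host cn.
func issue(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, []byte) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, signer = true, x509.KeyUsageCertSign, t, key
	} else {
		t.DNSNames, t.ExtKeyUsage = []string{cn}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	cert, err := x509.ParseCertificate(der) // also fails if creation failed
	if err != nil {
		panic(err)
	}
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// checkServer is the check a client makes when only RootCAs is set: chain to the CA file, match the host.
func checkServer(caFile []byte, server *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caFile) {
		return fmt.Errorf("no certificate found in CA file")
	}
	_, err := server.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	ca, caKey, caFile := issue("constructed test CA", nil, nil)
	srv, _, _ := issue("db.example.internal", ca, caKey)
	fmt.Println("matching host:", checkServer(caFile, srv, "db.example.internal"))
	fmt.Println("other host:", checkServer(caFile, srv, "other.example.internal"))
}
```

A client certificate and key are a separate mechanism: the client presents them only when the server asks it to authenticate with a certificate.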

Same thing happened to me. I am using PostgreSQL, and there should be a link to download the certificate in the overview page of the managed database.

Hello, I am having the same issue here. I need to connect via Google JDBC and it’s requesting a client key and client certificate. Where do we get these from, please? The UI is not helpful at all.