MySQL and Letsencrypt

Hello, I have set up a MySQL server with Let's Encrypt certificates. I am wondering how to connect to this server remotely from Node.js (or any other) securely? When I connect with the mysql command-line client, it says SSL is enabled. Below is the output of the mysql client's SSL-related variables:

mysql> SHOW VARIABLES LIKE 'SSL%';
+---------------+--------------------------+
| Variable_name | Value                    |
+---------------+--------------------------+
| ssl_ca        |                          |
| ssl_capath    |                          |
| ssl_cert      | /etc/mysql/fullchain.pem |
| ssl_cipher    |                          |
| ssl_crl       |                          |
| ssl_crlpath   |                          |
| ssl_key       | /etc/mysql/privkey.pem   |
+---------------+--------------------------+

The question is: how do I connect to the MySQL server from Node.js? In most of the tutorials I've read, the configuration file should look like the one below, but I don't have any of those files created by Let's Encrypt.

  ssl: {
    ca: fs.readFileSync('./ca.pem'),
    key: fs.readFileSync('./client-key.pem'),
    cert: fs.readFileSync('./client-cert.pem')
  }

I have been able to get an encrypted connection between Node.js and MySQL with the following, but I think it disables all the benefits of using Let's Encrypt:

  ssl: {
    rejectUnauthorized: false,
  },

People are really starting to cram Let’s Encrypt into every crevice, huh?

It looks like MySQL is not capable of gracefully reloading the certificate without restarting the entire server: https://bugs.mysql.com/bug.php?id=75404 - so you may wish to abandon your plans.

There is no great benefit marrying the Web PKI or Let’s Encrypt with MySQL. Just use a private CA (as the MySQL documentation suggests) for your server and verify the connection from your Node client using the private CA’s certificate.

https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-files-using-openssl.html

3 Likes
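
The client-side configuration discussed in this thread, as an added example that is not part of the original posts: it builds an `ssl` object that keeps certificate verification on, for either a private CA or a public CA such as Let's Encrypt. The helper names are hypothetical, the sample CA is taken from Node's bundled root store, and it assumes the MySQL driver hands the `ssl` object to Node's TLS layer as the snippets in the question imply.

```javascript
const crypto = require('node:crypto');
const tls = require('node:tls');

// Return a reason string if this PEM block must not be trusted as a CA, else null.
function caProblem(block, now) {
  const cert = new crypto.X509Certificate(block);
  if (!cert.ca) return `not a CA certificate: ${cert.subject}`;
  if (new Date(cert.validTo) < now) return `CA certificate expired: ${cert.subject}`;
  return null;
}

// Build the `ssl` object for the driver config (hypothetical helper).
// The client needs only the CA certificate that signed the server certificate;
// `key` and `cert` are for optional client-certificate authentication, and the
// server's privkey.pem never belongs on a client.
// caPem = null means "public CA such as Let's Encrypt": Node then verifies the
// chain against its bundled root store, so no `ca` entry is set.
function buildVerifiedSsl(caPem, now = new Date()) {
  const ssl = { rejectUnauthorized: true }; // abort on an untrusted chain
  if (caPem == null) return ssl;
  if (/PRIVATE KEY-----/.test(caPem)) {
    throw new Error('CA bundle contains a private key; ship certificates only');
  }
  const blocks = caPem.match(
    /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g) || [];
  if (blocks.length === 0) throw new Error('no certificate found in CA bundle');
  for (const block of blocks) {
    const problem = caProblem(block, now);
    if (problem) throw new Error(problem);
  }
  ssl.ca = blocks;
  return ssl;
}

// Refuse configs that encrypt without authenticating the server.
function assertAuthenticated(ssl) {
  if (!ssl || ssl.rejectUnauthorized === false) {
    throw new Error('certificate verification is disabled');
  }
  return true;
}

// Constructed sample input: a currently valid root from Node's bundled store
// stands in for the private CA certificate normally read from ca.pem.
const SAMPLE_CA_PEM = tls.rootCertificates.find((pem) => !caProblem(pem, new Date()));
const privateCaSsl = buildVerifiedSsl(SAMPLE_CA_PEM);
const publicCaSsl = buildVerifiedSsl(null);
// Hypothetical use: mysql.createConnection({ host, user, password, ssl: privateCaSsl })
```

With a Let's Encrypt server certificate, the host name the client connects to must be one of the names in that certificate.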
