[SOLVED] Require SSL not working on PHPMyAdmin


#1

Hello to all,

I want to secure the access of my phpmyadmin.
So, I’ve created a Let’s Encrypt certificate for the URL access and also for my.ini and phpmyadmin.conf files.

I can connect to mysql in command-line with --ssl-mode=REQUIRED but I can’t with the web access.
I’ve got the error :
mysqli_real_connect(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

If I configure phpmyadmin to not verify the certificate, the access is OK but I get the “SSL is used with disabled verification” message.

My web server is a WAMPServer 3.1.3 x64 on a Windows 10 host computer.
I am using Apache 2.4.33, php 7.2.5, MySQL 5.7.22 and OpenSSL 1.1.0g

EDIT/SOLUTION: used letsencrypt certificate for web access and self-signed (OpenSSL) certificates for MySQL Require SSL (this is an internal use so the root ca has not to be on client computer).

Thanks to all.

Kind regards,

NivekLR


#2

Hi,

Can you share with us how you set SSL up in MySQL (my.ini)?

Also, I believe it’s not suggested to use a publicly trusted CA to set up a MySQL server.

Thank you


#3

The my.ini configuration:

I know that a private CA is preferred, but I don’t have one yet :)

Kind regards,


#4

The phpmyadmin configuration:
The last line is the “bad” thing I’ve done for the connection to work.

I’ve already tested chain certificate but still the same issue…


#5

As I don’t really know the issue… can you check if all certificates are in RSA / Decoded mode?

P.S. Tutorial about generating a private CA & Intermediate here:
https://jamielinux.com/docs/openssl-certificate-authority/

P.S. This is not (possibly) a Let’s Encrypt Problem and it seems to be not related to LE (TLS Web)


#6

How can I check if certificates are in RSA / Decoded mode ?


#7

If that means the files are readable, the answer is yes. Those files are in this format:
-----BEGIN RSA XXXX----- AAAA -----END RSA XXX-----


#8

I’ve followed the setup of a Root and Intermediate CA and the connection works like a charm !

Thank you.

Kind regards,
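
Added example (not part of the thread, and not the poster's actual setup): a shell sketch of the private-CA approach that resolved the issue, showing that chain verification passes only when the client's CA file contains the issuer of the MySQL server certificate. It uses a root CA only (the linked tutorial also adds an intermediate); all file names and subject names are assumptions.

```shell
#!/bin/sh
# Constructed demo: private CA -> MySQL server certificate -> chain check.
# File names and subject names below are assumptions for this example.

make_pki() {
    dir=$1
    mkdir -p "$dir" || return 1
    # 1. Private root CA (self-signed); this is the trust anchor for clients.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Internal MySQL CA" \
        -keyout "$dir/ca-key.pem" -out "$dir/ca.pem" 2>/dev/null || return 1
    # 2. Server key and CSR; use the host name the client connects to.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=db.example.internal" \
        -keyout "$dir/server-key.pem" -out "$dir/server.csr" 2>/dev/null || return 1
    # 3. Sign the server certificate with the private CA.
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
        -out "$dir/server-cert.pem" 2>/dev/null || return 1
    # 4. An unrelated CA, standing in for a client with the wrong trust anchor.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Unrelated CA" \
        -keyout "$dir/other-key.pem" -out "$dir/other-ca.pem" 2>/dev/null || return 1
}

# chain_ok CAFILE CERT: exit status 0 only if CERT chains to a CA in CAFILE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
if make_pki "$demo_dir"; then
    chain_ok "$demo_dir/ca.pem" "$demo_dir/server-cert.pem" \
        && echo "issuing CA in client CA file: verification OK"
    chain_ok "$demo_dir/other-ca.pem" "$demo_dir/server-cert.pem" \
        || echo "issuer missing from client CA file: certificate verify failed"
fi
rm -rf "$demo_dir"
```

The `ca.pem` produced here is the file that MySQL's `ssl-ca` option and phpMyAdmin's `$cfg['Servers'][$i]['ssl_ca']` would point at, which lets certificate verification stay enabled instead of being switched off.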

