dongxin1999 2017-12-27 15:57
浏览 119

Cakephp 3 - 通过SSL连接MySQL

i have a question about connecting to a mySQL-Server via SSL with CakePHP 3. I know that's maybe more a PHP question but I just write here the framework which I use.

So I setup a remote mysql server and wanted to connect CakePHP with it. Unfortunately I got the MySQL-error:

SQLSTATE[HY000] [3159] Connections using insecure transport are prohibited while --require_secure_transport=ON.

Cause I configure the server only allow secure connection. After that I searched through the Cakephp documentation about secure connection and found the ssl certificate. Here's my setup:

config.php

'Datasources' => [
    'default' => [
        'className' => 'Cake\Database\Connection',
        'driver' => 'Cake\Database\Driver\Mysql',
        'persistent' => false,
        'host' => 'remote-ip',
        /**
         * CakePHP will use the default DB port based on the driver selected
         * MySQL on MAMP uses port 8889, MAMP users will want to uncomment
         * the following line and set the port accordingly
         */
        //'port' => 'non_standard_port_number',
        'username' => 'my_user',
        'password' => 'my_password',
        'database' => 'my_database',
        'encoding' => 'utf8',
        'timezone' => 'UTC',
        'flags' => [],
        'cacheMetadata' => true,
        'ssl_key' => '/home/my-user/client-ssl/client-key.pem',
        'ssl_cert' => '/home/my-user/client-ssl/client-cert.pem',
        'ssl_ca' => '/home/my-user/client-ssl/ca.pem',
        'log' => false,

Unfortunately I just got the following error:

SQLSTATE[HY000] [2002]

As far as I know everything should be setup correctly with the certificate cause I can use the terminal and sequel to login with the certs like so:

mysql -u my_user -h remote_ip -p --ssl-ca=~/client-ssl/ca.pem --ssl-cert=~/client-ssl/client-cert.pem --ssl-key=~/client-ssl/client-key.pem

If I try some raw php like this (of course with my informations):

<?php
ini_set ('error_reporting', E_ALL);
ini_set ('display_errors', '1');
error_reporting (E_ALL|E_STRICT);

$db = mysqli_init();
mysqli_options ($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);

$db->ssl_set('/etc/mysql/ssl/client-key.pem', '/etc/mysql/ssl/client-cert.pem', '/etc/mysql/ssl/ca-cert.pem', NULL, NULL);
$link = mysqli_real_connect ($db, 'ip', 'user', 'pass', 'db', 3306, NULL, MYSQLI_CLIENT_SSL);
if (!$link)
{
    die ('Connect error (' . mysqli_connect_errno() . '): ' . mysqli_connect_error() . "
");
} else {
    $res = $db->query('SHOW TABLES;');
    print_r ($res);
    $db->close();
}
?>

I got:

PHP Warning: mysqli_real_connect(): Peer certificate CN=MySQL_Server_5.7.20_Auto_Generated_Server_Certificate' did not match expected CN=remote_ip'

So my question is now. Does someone has similiar problems or can help me with the certificate? (I use ubuntu 16, php 7) Or is there another way to solve the "Connections using insecure transport ..."-error?

  • 写回答

1条回答 默认 最新

  • douzhenggui8171 2017-12-27 16:17
    关注

    What that error (Peer certificate CN=...) is telling you, is that the autogenerated certificate was created for an IP or domain-name, (perhaps 127.0.0.1?) other than the one you are connected with. Make sure you have a certificate for whatever 'remote-ip' is.

    Most likely, the host entry in config.php is incorrect. Try setting it to your domain-name, server-ip, or even 'localhost'.

    'host' => 'remote-ip',

    generate a certificate.

    It is also possible you're running into another issue already solved:

    PHP MySQL over SSL. Peer certificate did not match

    评论

报告相同问题?

悬赏问题

  • ¥15 Qt下使用tcp获取数据的详细操作
  • ¥15 idea右下角设置编码是灰色的
  • ¥15 全志H618ROM新增分区
  • ¥20 jupyter保存图像功能的实现
  • ¥15 在grasshopper里DrawViewportWires更改预览后,禁用电池仍然显示
  • ¥15 NAO机器人的录音程序保存问题
  • ¥15 C#读写EXCEL文件,不同编译
  • ¥15 MapReduce结果输出到HBase,一直连接不上MySQL
  • ¥15 扩散模型sd.webui使用时报错“Nonetype”
  • ¥15 stm32流水灯+呼吸灯+外部中断按键