dongxin1999 2017-12-27 15:57
浏览 119

Cakephp 3 - 通过SSL连接MySQL

i have a question about connecting to a mySQL-Server via SSL with CakePHP 3. I know that's maybe more a PHP question but I just write here the framework which I use.

So I setup a remote mysql server and wanted to connect CakePHP with it. Unfortunately I got the MySQL-error:

SQLSTATE[HY000] [3159] Connections using insecure transport are prohibited while --require_secure_transport=ON.

Cause I configure the server only allow secure connection. After that I searched through the Cakephp documentation about secure connection and found the ssl certificate. Here's my setup:

config.php

'Datasources' => [
    'default' => [
        'className' => 'Cake\Database\Connection',
        'driver' => 'Cake\Database\Driver\Mysql',
        'persistent' => false,
        'host' => 'remote-ip',
        /**
         * CakePHP will use the default DB port based on the driver selected
         * MySQL on MAMP uses port 8889, MAMP users will want to uncomment
         * the following line and set the port accordingly
         */
        //'port' => 'non_standard_port_number',
        'username' => 'my_user',
        'password' => 'my_password',
        'database' => 'my_database',
        'encoding' => 'utf8',
        'timezone' => 'UTC',
        'flags' => [],
        'cacheMetadata' => true,
        'ssl_key' => '/home/my-user/client-ssl/client-key.pem',
        'ssl_cert' => '/home/my-user/client-ssl/client-cert.pem',
        'ssl_ca' => '/home/my-user/client-ssl/ca.pem',
        'log' => false,

Unfortunately I just got the following error:

SQLSTATE[HY000] [2002]

As far as I know everything should be setup correctly with the certificate cause I can use the terminal and sequel to login with the certs like so:

mysql -u my_user -h remote_ip -p --ssl-ca=~/client-ssl/ca.pem --ssl-cert=~/client-ssl/client-cert.pem --ssl-key=~/client-ssl/client-key.pem

If I try some raw php like this (of course with my informations):

<?php
ini_set ('error_reporting', E_ALL);
ini_set ('display_errors', '1');
error_reporting (E_ALL|E_STRICT);

$db = mysqli_init();
mysqli_options ($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);

$db->ssl_set('/etc/mysql/ssl/client-key.pem', '/etc/mysql/ssl/client-cert.pem', '/etc/mysql/ssl/ca-cert.pem', NULL, NULL);
$link = mysqli_real_connect ($db, 'ip', 'user', 'pass', 'db', 3306, NULL, MYSQLI_CLIENT_SSL);
if (!$link)
{
    die ('Connect error (' . mysqli_connect_errno() . '): ' . mysqli_connect_error() . "
");
} else {
    $res = $db->query('SHOW TABLES;');
    print_r ($res);
    $db->close();
}
?>

I got:

PHP Warning: mysqli_real_connect(): Peer certificate CN=MySQL_Server_5.7.20_Auto_Generated_Server_Certificate' did not match expected CN=remote_ip'

So my question is now. Does someone has similiar problems or can help me with the certificate? (I use ubuntu 16, php 7) Or is there another way to solve the "Connections using insecure transport ..."-error?

  • 写回答

1条回答 默认 最新

  • douzhenggui8171 2017-12-27 16:17
    关注

    What that error (Peer certificate CN=...) is telling you, is that the autogenerated certificate was created for an IP or domain-name, (perhaps 127.0.0.1?) other than the one you are connected with. Make sure you have a certificate for whatever 'remote-ip' is.

    Most likely, the host entry in config.php is incorrect. Try setting it to your domain-name, server-ip, or even 'localhost'.

    'host' => 'remote-ip',

    generate a certificate.

    It is also possible you're running into another issue already solved:

    PHP MySQL over SSL. Peer certificate did not match

    评论

报告相同问题?

悬赏问题

  • ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计
  • ¥20 BAPI_PR_CHANGE how to add account assignment information for service line
  • ¥500 火焰左右视图、视差(基于双目相机)
  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)