This document describes how to encrypt and authenticate the connection between your application and your CNDb database using the HTTPS protocol.
By default, every connection to a CNDb database will use transport encryption if possible, using the
PREFERRED SSL mode. If the server cannot establish an encrypted connection, it will fall back to an unencrypted connection.
To enforce encrypted transport, use the
--ssl-mode=REQUIRED option in your MySQL connection string.
To enforce encrypted transport and verify the certificate authority, use the
--ssl-mode=VERIFY_CA. This SSL mode requires a certificate authority (CA) certificate. To configure your MySQL client to use the CA cert for your database, follow these steps:
CNDb databases currently do not support the
VERIFY_IDENTITY SSL mode.
This opens the Clusters Overview.
This opens the Overview for your cluster.
This opens the Overview for your database.
This displays your Certificate Authority certificate.
This document should be accessible by your MySQL client.
For example, you can create a file named
ca.pem and paste the certificate from your clipboard.
Note: Include the lines that read
-----BEGIN CERTIFICATE----- and
Update your MySQL connection configuration file to include the following line:
/path/to/ca-cert.pem with the path to your certificate.