I'm trying to connect Django to a MySQL database which is accessible through an SSL connection. How do I configure this?
My first guess would be setting the 'OPTIONS' property of the database definition. However, I can't find info on what possible options to use. The option 'ssl': '/map/to/ca-cert.pem'
does not work.
The following command seems to work:
mysql -h url.to.host -u lizard -p --ssl-ca=./ca-cert.pem
Edit: Ok I'm looking at the python-mysqldb documentation... maybe I can find the answer there.
Django officially supports the following databases: PostgreSQL. MariaDB. MySQL.
right-click on the particular MySQL instance and select "Edit Connection" Select the "SSL" tab under Connection Method. Select the drop-down for the "Use SSL" and choose "If Available" instead of "Required". Click the "Test Connection" button at the lower right connection to make sure you can now connect without errors ...
The MySQL client must be provided with three keys:
See the MySQL documentation for the instructions for creating these keys and setting up the server.
NOTE: There is an open issue that seems to be related to using openssl v1.0.1 to create the certificates for mysql 5.5.x
This is an example entry for the Django settings file:
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': '<DATABASE NAME>',
'USER': '<USER NAME>',
'PASSWORD': '<PASSWORD>',
'HOST': '<HOST>',
'PORT': '3306',
'OPTIONS': {
'ssl': {'ca': '<PATH TO CA CERT>',
'cert': '<PATH TO CLIENT CERT>',
'key': '<PATH TO CLIENT KEY>'
}
}
}
}
I was getting a "SSL connection error: SSL_CTX_set_default_verify_paths failed')
"error when running python manage.py migrate
I used pip to install django-mysql-ssl package. It still wasn't working. I had to change "ca" to "ssl-ca" and now it works.
'OPTIONS': {
'ssl': {'ssl-ca': '<PATH TO CA CERT>',
}
}
I'm not sure if it is actually using encryption, but it no longer throws an error. I am running local django app connected to an AWS mariaDB instance.
Edit: django-mysql-ssl package is not required starting from Django 1.8, as the functionality is built-in now. See Dependencies section in the package description here
Dependencies
This application is confirmed to work with Django 1.5. It should also work with Django 1.6-1.7. This plugin is not necessary for Django 1.8, as the capability is built into the core.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With