MySQL connection over SSL with Laravel

Question

I have a problem connecting to my database over ssl in a Laravel application. My config is as follows:

       'mysql' => [
            'driver' => 'mysql',
            'host' => env('DB_HOST', '127.0.0.1'),
            'port' => env('DB_PORT', '3306'),
            'database' => env('DB_DATABASE', 'forge'),
            'username' => env('DB_USERNAME', 'forge'),
            'password' => env('DB_PASSWORD', ''),
            'unix_socket' => env('DB_SOCKET', ''),
            'charset' => 'utf8mb4',
            'collation' => 'utf8mb4_unicode_ci',
            'prefix' => '',
            'strict' => true,
            'engine' => null,
            'sslmode' => 'require',
            'options'   => array(
                PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
                PDO::MYSQL_ATTR_SSL_KEY => '/certs/client-key.pem',
                PDO::MYSQL_ATTR_SSL_CERT => '/certs/client-cert.pem',
                PDO::MYSQL_ATTR_SSL_CA => '/certs/ca.pem',
            ),
        ],

DB_CONNECTION=mysql
DB_HOST=xxx.xxx.xxx.xxx
DB_PORT=3306
DB_DATABASE=db_name
DB_USERNAME=db_user
DB_PASSWORD=xxxx

These setting give me the following error on the MySQL server.

2018-10-30T09:18:25.403712Z 71 [Note] Access denied for user 'user'@'xxx.xxx.xxx.xxx' (using password: YES)

Through mysql-client it works perfectly from the client server.

mysql -u user -p -h xxx.xxx.xxx.xxx --ssl-ca=/certs/ca.pem --ssl-cert=/certs/client-cert.pem --ssl-key=/certs/client-key.pem

Output of `\s' command performed on the client while connected with the above command.

mysql  Ver 15.1 Distrib 10.1.26-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

Connection id:      16
Current database:   database
Current user:       [email protected]
SSL:            Cipher in use is DHE-RSA-AES256-SHA
Current pager:      stdout
Using outfile:      ''
Using delimiter:    ;
Server:         MySQL
Server version:     5.7.24-0ubuntu0.18.10.1 (Ubuntu)
Protocol version:   10
Connection:     167.99.215.179 via TCP/IP
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    utf8mb4
Conn.  characterset:    utf8mb4
TCP port:       3306
Uptime:         23 min 29 sec

Threads: 2  Questions: 38  Slow queries: 0  Opens: 135  Flush tables: 1  Open tables: 128  Queries per second avg: 0.026
--------------

The application runs inside a docker container based on the php:7.2.11-fpm image. And is configured with the following php extensions.

RUN docker-php-ext-install bcmath zip pdo_mysql json tokenizer

MySQL version:

Server version: 5.7.24-0ubuntu0.18.10.1 (Ubuntu)

PHP version:

PHP 7.2.11 (cli) (built: Oct 16 2018 00:46:29) ( NTS )

PDO version:

PDO

PDO support => enabled
PDO drivers => sqlite, mysql

pdo_mysql

PDO Driver for MySQL => enabled
Client API version => mysqlnd 5.0.12-dev - 20150407 - $Id: 38fea24f2847fa7519001be390c98ae0acafe387

OpenSSL version:

openssl

OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 1.1.0f  25 May 2017
OpenSSL Header Version => OpenSSL 1.1.0f  25 May 2017
Openssl default config => /usr/lib/ssl/openssl.cnf

Directive => Local Value => Master Value
openssl.cafile => no value => no value
openssl.capath => no value => no value

Any thoughts on this? This is keeping me busy for hours...

Answer 1

I finally solved the issue. The config above is actually good. I was working in the docker container directly. For some reason the config kept in cache.

Following commands did not clear the config cache:

php artisan config:clear
php artisan config:cache
php artisan cache:clear

I noticed this when I created a new user to connect with the database to test something. I rebuild the container with the new config and everything works perfectly now.

Answer 2

1. Please check your .env file. This file will be on website root folder.

   DB_CONNECTION=mysql
   DB_HOST=hostip
   DB_PORT=3306
   DB_DATABASE=database_name
   DB_USERNAME=database_user_name
   DB_PASSWORD=database_password
   

2.also update config -> database.php file as:

    'mysql' => [
        'driver' => 'mysql',
        'host' => env('DB_HOST', '127.0.0.1'),
        'port' => env('DB_PORT', '3306'),
        'database' => env('DB_DATABASE', 'forge'),
        'username' => env('DB_USERNAME', 'forge'),
        'password' => env('DB_PASSWORD', ''),
        'unix_socket' => env('DB_SOCKET', ''),
        'charset' => 'utf8mb4',
        'collation' => 'utf8mb4_unicode_ci',
        'prefix' => '',
        'sslmode' => env('DB_SSLMODE', 'prefer'),
        'options'   => array(
            PDO::MYSQL_ATTR_SSL_CA      => '/home/.../ca-cert.pem',
            PDO::MYSQL_ATTR_SSL_CERT    => '/home/.../cert.pem',
            PDO::MYSQL_ATTR_SSL_KEY     => '/home/.../key.pem'
        ),
        'strict' => true,
        'engine' => null,
    ],