
SSL connection error when connecting to RDS MySQL from Django

I'm trying to deploy a Django app on Heroku with an RDS instance as the database backend. Everything is working until I try to encrypt the connection, then I get this error:

OperationalError at /path/
(2026, 'SSL connection error')

Here's the setup:

  • Standard Django application
  • MySQL RDS instance with security group allowing connections from all IP addresses
  • MySQL user is set up to allow connections from any host
  • Amazon's pem has been downloaded and is specified in Django settings

On Heroku:

DATABASE_URL: mysql2://username:[email protected]:3306/name_staging?sslca=path/to/mysql-ssl-ca-cert.pem

In Django settings:

DATABASES = {
    'default': dj_database_url.config()
}
DATABASES['default']['OPTIONS'] = {'ssl': {'ca': 'mysql-ssl-ca-cert.pem'}}

I've tried searching and have read a lot about setting this type of environment up in Rails, but the documentation about doing this with Django is light to non-existent.

Has anyone out there successfully deployed a similar setup or does anyone have thoughts on how to solve this error?

Update:

Connecting via the CLI works, as does connecting directly using MySQLdb in the Python interpreter.

Jordan Bouvier asked Dec 20 '13 18:12




1 Answer

Solved:

The path to the pem file has to be absolute, and you can't use Python to attempt to build the absolute path.

DATABASES = {
    'default': dj_database_url.config()
}
DATABASES['default']['OPTIONS'] = {
    'ssl': {'ca': '/app/project_name/rds/mysql-ssl-ca-cert.pem'}
}

Again, detecting the path like this does not work; the path must be hard-coded:

DATABASES['default']['OPTIONS'] = {
    'ssl': {'ca': os.path.join(os.path.dirname(__file__), 'rds', 'mysql-ssl-ca-cert.pem')}
}
Jordan Bouvier answered Oct 04 '22 20:10
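A preflight check for the CA path discussed in the answer above, as an added example that is not part of the original post: it anchors a relative path to an explicit base directory, makes it absolute, and refuses to continue if the bundle is missing or contains no PEM certificate, so a bad path fails while settings load instead of surfacing as error 2026 at connect time. `mysql_ssl_options`, `CABundleError` and `SAMPLE_PEM` are hypothetical names, and the PEM check is structural only (it does not validate the certificate).

```python
import os
import re
import tempfile

# Structural match for one PEM certificate block (not X.509 validation).
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+?-----END CERTIFICATE-----")

class CABundleError(Exception):
    """Raised while settings load, before any database connection is tried."""

def mysql_ssl_options(ca_path, base_dir=None):
    """Return the MySQLdb OPTIONS dict once the CA bundle has been verified.

    A relative ca_path is anchored to base_dir, never to the process working
    directory, so the result does not depend on where the app was started.
    """
    if not os.path.isabs(ca_path):
        if base_dir is None:
            raise CABundleError("relative CA path %r needs base_dir" % ca_path)
        ca_path = os.path.join(os.path.abspath(base_dir), ca_path)
    ca_path = os.path.normpath(ca_path)
    if not os.path.isfile(ca_path):
        raise CABundleError("CA bundle not found: %s" % ca_path)
    try:
        with open(ca_path) as fh:
            pem = fh.read()
    except (IOError, OSError, ValueError) as exc:  # ValueError: undecodable bytes
        raise CABundleError("CA bundle unreadable: %s (%s)" % (ca_path, exc))
    if not PEM_CERT.search(pem):
        raise CABundleError("no PEM certificate in %s" % ca_path)
    return {"ssl": {"ca": ca_path}}

# Constructed placeholder with PEM framing only; it is not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    project = tempfile.mkdtemp()  # stands in for the directory of settings.py
    os.mkdir(os.path.join(project, "rds"))
    with open(os.path.join(project, "rds", "mysql-ssl-ca-cert.pem"), "w") as fh:
        fh.write(SAMPLE_PEM)
    # In settings.py: base_dir=os.path.dirname(os.path.abspath(__file__))
    print(mysql_ssl_options("rds/mysql-ssl-ca-cert.pem", base_dir=project))
    try:
        mysql_ssl_options("rds/missing.pem", base_dir=project)
    except CABundleError as exc:
        print("refused:", exc)
```

In a settings module the returned dict would be assigned to `DATABASES['default']['OPTIONS']`, keeping certificate verification on rather than working around the error by disabling SSL.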