Difference between revisions of "MySQL/MariaDB SSL Support Howto"
From OpenEMR Project Wiki
Bradymiller (talk | contribs) (Created page with "For mysql/mariadb ssl support (Do not perform below steps until after OpenEMR has been installed; this has not been tested to work with OpenEMR installation.), follow the below i...")
Bradymiller (talk | contribs)
Latest revision as of 01:13, 17 May 2018
For MySQL/MariaDB SSL support, follow the instructions below in the https://github.com/openemr/openemr/blob/master/sites/default/documents/certificates/README.md directory. (Do not perform these steps until after OpenEMR has been installed; this has not been tested to work with the OpenEMR installation.)
- To support MySQL SSL encryption, include the `mysql-ca` file here (this is the CA certificate in PEM form and is mandatory for MySQL SSL).
- A client certificate can also be used if you also include `mysql-cert` and `mysql-key` (these are the client certificate and client key in PEM form, and they are optional for MySQL SSL).
- For debugging purposes, set `$GLOBALS['debug_ssl_mysql_connection']` to `true` at the top of interface/globals.php; messages are then sent to the PHP log showing whether MySQL connections have a cipher set up.
- To properly create the keys and certificates, see the documentation here: https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-files-using-openssl.html
- When creating the keys and certificates, it is vital to enter the correct information for the `Common Name` of each entity:
  - `Common Name` of the CA certificate: This can be anything, but it needs to be different from what is used for the Server and Client.
  - `Common Name` of the Server certificate: This has to be the host name (or IP address) that the client uses to log into the MySQL server.
  - `Common Name` of the Client certificate: Set this to the host name of the client.
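
The certificate steps above, as an added shell example (not part of the OpenEMR README): it creates the CA, server and client files with the Common Name rules listed, refuses a CA name that collides with a host name, and checks that both certificates chain to `mysql-ca`. The host names, the CA name and the `ca-key.pem`/`server-*.pem` file names are assumptions.

```shell
#!/bin/sh
# Added example, not OpenEMR project code. Host names are constructed placeholders.
# Output names mysql-ca, mysql-cert and mysql-key are the ones this page lists;
# ca-key.pem, server-key.pem and server-cert.pem are assumed names.

# Print the Common Name of a certificate whose subject holds only a CN.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/.*CN *= *//'
}

# make_mysql_tls_files OUT_DIR SERVER_CN CLIENT_CN
make_mysql_tls_files() (
    out=$1; server_cn=$2; client_cn=$3
    ca_cn="OpenEMR MySQL CA"    # assumed value; must differ from both host names
    if [ "$ca_cn" = "$server_cn" ] || [ "$ca_cn" = "$client_cn" ]; then
        echo "CA Common Name must differ from the server and client names" >&2
        exit 1
    fi
    umask 077                   # new files are readable by the owner only
    mkdir -p "$out" && cd "$out" || exit 1

    # CA key and self-signed CA certificate (mysql-ca, mandatory).
    openssl genrsa -out ca-key.pem 2048 &&
    openssl req -new -x509 -nodes -days 365 -key ca-key.pem \
        -subj "/CN=$ca_cn" -out mysql-ca &&
    # Server key and certificate: CN is the name clients connect to.
    openssl req -newkey rsa:2048 -nodes -keyout server-key.pem \
        -subj "/CN=$server_cn" -out server-req.pem &&
    openssl x509 -req -in server-req.pem -days 365 -CA mysql-ca \
        -CAkey ca-key.pem -set_serial 01 -out server-cert.pem &&
    # Optional client key and certificate (mysql-key, mysql-cert).
    openssl req -newkey rsa:2048 -nodes -keyout mysql-key \
        -subj "/CN=$client_cn" -out client-req.pem &&
    openssl x509 -req -in client-req.pem -days 365 -CA mysql-ca \
        -CAkey ca-key.pem -set_serial 02 -out mysql-cert &&
    # Fail unless both certificates verify against the CA.
    openssl verify -CAfile mysql-ca server-cert.pem mysql-cert
)

# Usage: make_mysql_tls_files ./certs db.example.internal emr.example.internal
```

Keep `ca-key.pem` off the web server once signing is done; only `mysql-ca`, `mysql-cert` and `mysql-key` belong in the certificates directory.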