Difference between revisions of "MySQL/MariaDB SSL Support Howto"

From OpenEMR Project Wiki
(Created page with "For mysql/mariadb ssl support (Do not perform below steps until after OpenEMR has been installed; this has not been tested to work with OpenEMR installation.), follow the below i...")
 
Line 1: Line 1:
For mysql/mariadb ssl support (Do not perform below steps until after OpenEMR has been installed; this has not been tested to work with OpenEMR installation.), follow the below instructions in the https://github.com/openemr/openemr/blob/master/sites/default/documents/certificates/README.md directory :
For mysql/mariadb ssl support (Do not perform below steps until after OpenEMR has been installed; this has not been tested to work with OpenEMR installation.), follow the below instructions in the https://github.com/openemr/openemr/blob/master/sites/default/documents/certificates/README.md directory :
1. To support mysql ssl encryption, include the `mysql-ca` here (this is the CA certificate in pem form and is mandatory for mysql ssl).
:# To support mysql ssl encryption, include the `mysql-ca` here (this is the CA certificate in pem form and is mandatory for mysql ssl).
2. Can also support client based certificate if also include mysql-cert and mysql-key (these are client certificate and client key in pem form and these are optional for mysql ssl)
:# Can also support client based certificate if also include mysql-cert and mysql-key (these are client certificate and client key in pem form and these are optional for mysql ssl)
3. For debugging purposes, if set `$GLOBALS['debug_ssl_mysql_connection']` to `true` at top of interface/globals.php, then will send messages to php log to show if mysql connections have a cipher set up.
:# For debugging purposes, if set `$GLOBALS['debug_ssl_mysql_connection']` to `true` at top of interface/globals.php, then will send messages to php log to show if mysql connections have a cipher set up.
4. To properly create the keys and certificates, see documentation here: https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-files-using-openssl.html
:# To properly create the keys and certificates, see documentation here: https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-files-using-openssl.html
5. When creating the keys and certificates, vital to enter in correct information for the `Common Name` of each entity:
:# When creating the keys and certificates, vital to enter in correct information for the `Common Name` of each entity:
- `Common Name` of CA certificate: This can be anything, but needs to be different than what is used for Server and Client
::* `Common Name` of CA certificate: This can be anything, but needs to be different than what is used for Server and Client
- `Common Name` of Server certificate: This has to be the host name(or ip address) that the client uses to log into the mysql server.
::* `Common Name` of Server certificate: This has to be the host name(or ip address) that the client uses to log into the mysql server.
- `Common Name` of Client certificate: Set this to the host name of the client.
::* `Common Name` of Client certificate: Set this to the host name of the client.
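Review bot: in item 2, mysql-cert and mysql-key are left as plain text while `mysql-ca` in item 1 and `Common Name` in item 5 are in code formatting; mark the two file names up the same way so readers can tell they are literal names. The intro line also calls the README.md URL a "directory" although it links to a file, which leaves "here" in item 1 ambiguous; consider naming the certificates directory explicitly. Item 2 is also missing its closing period.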

Revision as of 01:08, 17 May 2018

For MySQL/MariaDB SSL support, follow the instructions below, which apply to the directory that holds https://github.com/openemr/openemr/blob/master/sites/default/documents/certificates/README.md. Do not perform these steps until after OpenEMR has been installed; this has not been tested to work with OpenEMR installation.

  1. To support MySQL SSL encryption, include the `mysql-ca` file here (this is the CA certificate in PEM form and is mandatory for MySQL SSL).
  2. Client certificates are also supported if you also include `mysql-cert` and `mysql-key` (the client certificate and client key in PEM form; these are optional for MySQL SSL).
  3. For debugging purposes, if you set `$GLOBALS['debug_ssl_mysql_connection']` to `true` at the top of interface/globals.php, messages are sent to the PHP log showing whether MySQL connections have a cipher set up.
  4. To properly create the keys and certificates, see the documentation here: https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-files-using-openssl.html
  5. When creating the keys and certificates, it is vital to enter the correct `Common Name` for each entity:
     • `Common Name` of the CA certificate: This can be anything, but it needs to be different from what is used for the server and the client.
     • `Common Name` of the server certificate: This has to be the host name (or IP address) that the client uses to log into the MySQL server.
     • `Common Name` of the client certificate: Set this to the host name of the client.
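
As an added example (not taken from the OpenEMR wiki or README), the script below generates the CA, server and client files with OpenSSL and checks the `Common Name` rule from step 5 before the files are used. The host names, the CA name and the file names `ca-key.pem`, `server-key.pem` and `server-cert.pem` are assumptions; `mysql-ca`, `mysql-cert` and `mysql-key` are the names used in steps 1 and 2.

```shell
#!/bin/sh
# Added example: CA, server and client files for MySQL TLS, with the
# Common Name rule checked. All names passed at the bottom are constructed.
set -eu

# issue <key-out> <cert-out> <common-name> <serial>: key + CSR, signed by the CA
issue() {
    openssl req -newkey rsa:2048 -nodes -keyout "$1" -subj "/CN=$3" \
        -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -days 365 -CA mysql-ca -CAkey ca-key.pem \
        -set_serial "$4" -out "$2" 2>/dev/null &&
    rm -f "$2.csr"
}

# build_tls_files <dir> <ca-cn> <server-cn> <client-cn>
build_tls_files() {
    ( cd "$1" &&
      openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
          -keyout ca-key.pem -subj "/CN=$2" -out mysql-ca 2>/dev/null &&
      issue server-key.pem server-cert.pem "$3" 01 &&  # assumed server file names
      issue mysql-key mysql-cert "$4" 02 &&            # client files, named as in step 2
      chmod 600 ca-key.pem server-key.pem mysql-key )
}

# cert_cn <file>: print the subject Common Name of a PEM certificate
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p'
}

# ca_cn_is_distinct <dir>: succeed only if the CA CN differs from both leaf CNs
ca_cn_is_distinct() {
    ca=$(cert_cn "$1/mysql-ca")
    [ "$ca" != "$(cert_cn "$1/server-cert.pem")" ] &&
    [ "$ca" != "$(cert_cn "$1/mysql-cert")" ]
}

# chain_ok <dir>: server and client certificates both verify against mysql-ca
chain_ok() {
    openssl verify -CAfile "$1/mysql-ca" "$1/server-cert.pem" "$1/mysql-cert" \
        >/dev/null 2>&1
}

out=$(mktemp -d)
build_tls_files "$out" "OpenEMR MySQL CA" "db.example.internal" "emr-web.example.internal"
ca_cn_is_distinct "$out" || { echo "CA Common Name collides with a leaf" >&2; exit 1; }
chain_ok "$out" || { echo "chain verification failed" >&2; exit 1; }
echo "files written to $out"
```

Only `mysql-ca` (and, for client certificates, `mysql-cert` and `mysql-key`) belong in the OpenEMR certificates directory; the server files go to the database host, and `ca-key.pem` should be kept off both.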