I'm trying to get "data in transit" via SSL between Drupal 7 to RDS Mysql. I've confirmed the following:
* SSL is configured by default in all Mysql RDS instances.
* The Mysql instance I have brought up can be connected to using Mysql client using the following command:
mysql --ssl-ca=/path/to/ssl-cert --user=USERID --host=HOSTNAME -p
I've also added a Require SSL directive for this user I am trying to connect as:
GRANT USAGE ON *.* TO 'USERNAME'@'%' REQUIRE SSL
GRANT USAGE ON *.* TO 'USERNAME'localhost'%' REQUIRE SSLI've confirmed (using the above command) that this user can login if the --ssl-ca argument is passed, but cannot login without it.
I then started digging in to determine how to configure Drupal 7 to have it connect to Mysql using SSL. I found this post
This post implies quite strongly that this support should now be configurable. I've confirmed that the version of Drupal I'm using does have this patch applied. What I cannot seem to find or figure out is exactly how I turn SSL support on for the connection. I've tried the following configurations for my databases array:
$databases = array (
'default' =>
array (
'default' =>
array (
'database' => 'DBNAME',
'username' => 'USERNAME',
'password' => 'PASSWORD',
'host' => 'HOSTNAME',
'port' => '',
'driver' => 'mysql',
'prefix' => '',
'ssl-ca' => 'ssl-ca=/path/to/ssl-cert',
),
),
);// Other versions that don't work'ssl-ca' => '/path/to/ssl-cert',
'init_commands' => array(
'ssl-ca' => 'ssl-ca=/path/to/ssl-cert',
),'init_commands' => array(
'ssl-ca' => 'ssl-ca=/path/to/ssl-cert',
),'init_commands' => array(
'ssl-ca' => 'set MYSQL_ATTR_SSL_CA=/path/to/ssl-cert',
),In each case, the database authentication fails. Note: I have confirmed that this same databases array works when I turn off REQUIRES SSL in the database.
Has anyone gotten this to work?