Encrypting MySQL Connections To ClearDB

Get Secure By Using MySQL SSL on ClearDB

Recently, we’ve been receiving a few requests to connect to ClearDB using client level encryption, or SSL in MySQL. While ClearDB does certainly support this option, we cannot enforce it with all of our customers – some customers simply don’t want to use encryption due to the additional complications that it adds to their configuration. However, for those who want to connect to ClearDB using SSL encryption, we now have a guide in place that shows you how to do it, as well as provides you with our CA certificate so that you can fully utilize MySQL’s encryption mechanisms.

Using The MySQL Command Line Client With SSL

Some MySQL clients (for example, certain ‘mysql’ command line tools) know how to connect securely without having to specify any of the –ssl-* options that exist. ClearDB supports this option as well, and enables it by invoking the use of default client certificates (or ‘gateway certs’) in our MySQL cluster configurations. However, some do not. If you want to see for sure that you’re connecting via SSL, you can always log into your MySQL database and enter the ‘\s’ command to see the SSL cipher in use. If you do not see a cipher in use, you’re not connected to MySQL securely. In such cases, we recommend that you use the –ssl, –ssl-ca, –ssl-cert, and –ssl-key options so that your MySQL command line client will connect to MySQL in a secure format.

Further Reading

To learn how to connect to ClearDB’s MySQL servers using SSL from PHP, Rails, Java, or Python, check out our SSL connectivity guide: http://www.cleardb.com/developers/ssl_connections