Use SSL with your Cloud Database instance
SSL (Secure Sockets Layer) is a security protocol that uses encryption technology to ensure that sensitive information sent over the Internet is protected. Users on your site might need to divulge personal information to you such as credit card numbers, Social Security numbers, user names, and passwords. By making an SSL connection to your database, your customers can trust that their data will be encrypted when it’s sent to and from your web application.
Note: Using SSL encryption is resource-intensive and might impact the latency of your database connection.
Download the CA certificate
Cloud Databases configures your database instance to support the use of SSL when the instance is provisioned. To encrypt data in transit using SSL, your database connections will need to use an SSL certificate associated with Cloud Databases.
Note: All database instances created before October 20, 2014, should be restarted before accepting SSL connections.
Download the appropriate SSL certificate, based on when the Cloud Databases instance was created.
For instances created before March 1, 2016, download the SSL certificate from the following URL:
For instances created on or after March 1, 2016, download the SSL certificate from the following URL:
Your applications should use the downloaded certificate as the CA certificate for SSL connections to your database.
Use the certificate with the mysql client
To make SSL connections using the
mysql command line client, specify
the location of the certificate when you start the client:
More information about using SSL with MySQL can be found in the MySQL 5.6 documentation.
Require SSL connections
You can also set up restrictions on a user to require SSL when
communicating with the database. MySQL supports the
REQUIRE SSL. For example, to restrict
database_user to have
read, write, and delete permissions for
prod_database only when
connected with an SSL connection, log in to MySQL as root and then issue
the following command.
GRANT SELECT, INSERT, UPDATE, DELETE ON prod_database.* TO 'database_user'@'%' REQUIRE SSL;
Note: If the user already exists, you must revoke all existing
privileges for the user and then use the preceding
GRANT statement to
give the appropriate privileges to the user.
Remember to run a
FLUSH PRIVILEGES for the database to make the
privilege change take effect.
Continue the conversation in the Rackspace Community.
©2017 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License