MySQL Connector/NET Developer Guide


6.7.1 Using PEM Certificates in Connector/NET

The direct use of PEM format certificates was introduced to simplify certificate management in multiplatform environments that include similar MySQL products. In previous versions of Connector/NET, your only choice was to use platform-dependent PFX format certificates.

For this example, use the test client certificates from the MySQL server repository (server-repository-root/mysql-test/std_data). In your application, add a connection string using the test database and the sslclient user account (created previously), as shown in the following steps:

  1. Set the SslMode connection option to the level of security needed. PEM certificates are only validated for VerifyCA and VerifyFull SSL mode values. All other mode values ignore certificates even if they are provided.

    using (MySqlConnection connection = new MySqlConnection(
    "database=test;user=sslclient;" +
    "SslMode=VerifyFull;" +
  2. Add the appropriate SSL certificates. Because this tutorial sets the SslMode option to VerifyFull, you must also provide values for the SslCa, SslCert, and SslKey connection options. Each option must point to a file with the .pem file extension.

    "SslCa=ca.pem;" +
    "SslCert=client-cert.pem;" +
    "SslKey=client-key.pem;"))

    Alternatively, if you set the SSL mode to VerifyCA, only the SslCa connection option is required.

  3. Open a connection. The following example opens a connection using the classic MySQL protocol, but you can perform a similar test using X Protocol.

    using (MySqlConnection connection = new MySqlConnection(
      "database=test;user=sslclient;" +
      "SslMode=VerifyFull;" +   // each option must end with ';' before the next one
      "SslCa=ca.pem;" +
      "SslCert=client-cert.pem;" +
      "SslKey=client-key.pem;"))
    {
        connection.Open();
    }

Errors found when processing the PEM certificates will result in an exception being thrown. For additional information, see Command Options for Encrypted Connections.
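
The rules in steps 1 and 2 can be checked before connecting, so that a mode that ignores the PEM files, or a missing option, is caught as a configuration error rather than going unnoticed. The following is an added example, not code from the Connector/NET guide; the class PemTlsPreflight and its Check method are hypothetical helpers, and checking the file paths against the current working directory is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Common;
using System.IO;
using MySql.Data.MySqlClient;

static class PemTlsPreflight   // hypothetical helper, not part of Connector/NET
{
    // Returns the problems that would leave the PEM options ignored (step 1)
    // or incomplete (step 2) for the given connection string.
    public static List<string> Check(string connectionString)
    {
        var csb = new DbConnectionStringBuilder { ConnectionString = connectionString };
        string Get(string key) => csb.TryGetValue(key, out var v) ? v?.ToString() ?? "" : "";
        var problems = new List<string>();
        string mode = Get("SslMode");
        bool verifyFull = mode.Equals("VerifyFull", StringComparison.OrdinalIgnoreCase);
        bool verifyCa = mode.Equals("VerifyCA", StringComparison.OrdinalIgnoreCase);
        // VerifyFull needs all three files; VerifyCA needs only the CA file.
        string[] required = verifyFull ? new[] { "SslCa", "SslCert", "SslKey" }
                          : verifyCa ? new[] { "SslCa" } : new string[0];
        if (!verifyFull && !verifyCa)   // any other mode ignores certificates
            foreach (var key in new[] { "SslCa", "SslCert", "SslKey" })
                if (Get(key) != "")
                    problems.Add($"{key} is set but SslMode='{mode}' ignores certificates");
        foreach (var key in required)
        {
            string path = Get(key);
            if (path == "") problems.Add($"SslMode={mode} requires {key}");
            else if (!path.EndsWith(".pem", StringComparison.OrdinalIgnoreCase))
                problems.Add($"{key} must point to a .pem file: {path}");
            else if (!File.Exists(path)) problems.Add($"{key} file not found: {path}");
        }
        return problems;
    }

    static void Main()
    {
        // Same options and test certificate file names as the tutorial above.
        string cs = "database=test;user=sslclient;SslMode=VerifyFull;" +
                    "SslCa=ca.pem;SslCert=client-cert.pem;SslKey=client-key.pem;";
        var problems = Check(cs);
        foreach (var p in problems) Console.Error.WriteLine("TLS config: " + p);
        if (problems.Count > 0) return;   // refuse to connect with a weak or broken setup
        using (var connection = new MySqlConnection(cs))
        {
            connection.Open();   // throws if the PEM files cannot be processed
        }
    }
}
```

With SslMode=Required and the three PEM options set, Check reports each option as ignored, which is the case step 1 describes.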