In this tutorial you will learn how you can use MySQL Connector/NET to connect to a MySQL server configured to use SSL. Support for SSL client PFX certificates was added to Connector/NET 6.2, which is the native format of certificates on Microsoft Windows. More recently, support for SSL client PEM certificates was added in the Connector/NET 8.0.16 release.
MySQL Server uses the PEM format for certificates and private keys.
Connector/NET enables the use of either PEM or PFX certificates with both
the classic MySQL protocol and X Protocol. This tutorial uses
the test certificates from the server test suite by way of example.
You can obtain the MySQL Server source code from
Downloads. The certificates can be found in the
To apply the server-side startup configuration for SSL connections:
In the MySQL Server configuration file, set the SSL parameters as shown in the follow PEM format example. Adjust the directory paths according to the location in which you installed the MySQL source code.
ssl-ca=path/to/repo/mysql-test/std_data/cacert.pem ssl-cert=path/to/repo/mysql-test/std_data/server-cert.pem ssl-key=path/to/repo/mysql-test/std_data/server-key.pem
SslCaconnection option accepts both PEM and PFX format certificates, using the file extension to determine how to process certificates. Change
cacert.pfxif you intend to continue with the PFX portion of this tutorial.
For a description of the connection string options used in this tutorial, see Chapter 7, Connector/NET 8.0 Connection Options Reference.
Create a test user account to use in this tutorial and set the account to require SSL. Using the MySQL Command-Line Client, connect as
rootand create the user
To set privileges and requirements to always enforce the use of SSL, issue the following command.
GRANT ALL PRIVILEGES ON *.* TO sslclient@'%' REQUIRE SSL;
For detailed information about account-management strategies, see Access Control and Account Management.
Now that the server-side configuration is finished, you can begin the client-side configuration using either PEM or PFX format certificates in Connector/NET.