PDF (US Ltr)
- 4.5Mb
PDF (A4)
- 4.5Mb
The direct use of PEM format certificates was introduced to simplify certificate management in multiplatform environments that include similar MySQL products. In previous versions of Connector/NET, your only choice was to use platform-dependent PFX format certificates.
For this example, use the test client certificates from the MySQL
server repository
(server-repository-root/mysql-test/std_datatest database and the
sslclient user account (created previously).
For example:
Set the
SslModeconnection option to the level of security needed. PEM certificates are only validated forVerifyCAandVerifyFullSSL mode values. All other mode values ignore certificates even if they are provided.using (MySqlConnection connection = new MySqlConnection( "database=test;user=sslclient;" + "SslMode=VerifyFull"Add the appropriate SSL certificates. Because this tutorial sets the
SslModeoption toVerifyFull, you must also provide values for theSslCa,SslCert, andSslKeyconnection options. Each option must point to a file with the.pemfile extension."SslCa=ca.pem;" + "SslCert=client-cert.pem;" + "SslKey=client-key.pem;"))Alternatively, if you set the SSL mode to
VerifyCA, only theSslCaconnection option is required.Open a connection. The following example opens a connection using the classic MySQL protocol, but you can perform a similar test using X Protocol.
using (MySqlConnection connection = new MySqlConnection( "database=test;user=sslclient;" + "SslMode=VerifyFull" + "SslCa=ca.pem;" + "SslCert=client-cert.pem;" + "SslKey=client-key.pem;")) { connection.Open(); }
Errors found when processing the PEM certificates will result in an exception being thrown. For additional information, see Command Options for Encrypted Connections.