Architecture / Installation


Request for help with getting SSL working

posts: 2 Canada

I am in the process of setting up TikiWiki 24.x running in an Azure App service and using an Azure Database for MySQL. A service connector is established between the two using a connection string. The connection string is as follows (with parameters (XX) and credentials intentionally removed for security reasons):

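$conn = mysqli_init();
// CA certificate only: client key, client cert, CA path and cipher list are left NULL
mysqli_ssl_set($conn, NULL, NULL, "/home/site/wwwroot/db/cert/XX-ca.pem", NULL, NULL);
// MYSQLI_CLIENT_SSL requests an encrypted connection
mysqli_real_connect($conn, "XX.mysql.database.azure.com", "admin name", "admin password", "database name", 3306, NULL, MYSQLI_CLIENT_SSL);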

I haven't been able to get the SSL CA certificate provided by "Azure Database for MySQL" working with TikiWiki. I have copied the CA pem certificate to the /wwwroot/db/cert folder and ensured the filename ends in "-ca.pem".
However, TikiWiki complains 'Lost Tiki database connection'.

If I temporarily disable SSL on the Azure Database for MySQL, TikiWiki then runs fine.

As an additional test, I have installed MySQL Workbench 8.0 on my own device and I am able to successfully use the -ca.pem file to establish a secure SSL connection to the database with SSL enabled.

I have read the following:
https://doc.tiki.org/MySQL-SSL
It mentions that just the -ca.pem file can work, but that a Client Key and Client Cert are also potentially required.
Azure Database for MySQL doesn't provide the client key/client cert files, only the -ca.pem.
To my knowledge, I can't create a client key/client cert file on my own from the public -ca.pem file provided by Azure Database for MySQL. There is also no option to choose a different SSL -ca.pem file for it that I am aware of.

There is the ability in the Azure App service to pass environment variables to the web application (TikiWiki). I have tried adding connection strings that reference the -ca.pem file, both in PHP and PHP PDO format but neither seemed to help.

I have seen the database connection info in wwwroot/db/local.php; however, there is no mention of an SSL certificate to use.

Any idea why TikiWiki isn't able to establish an SSL connection with the database (with SSL enabled and using the same -ca.pem file) but MySQL Workbench can?

Additional info:
MySQL version: 5.7.38
PHP version: 7.4.28
Apache version: 2.4.38
Webservice OS: Linux, Ubuntu 18.04.1, 5.4 kernel
tiki-phpinfo.php shows openssl is running/enabled
OpenSSL 1.1.1d 10 Sep 2019
PDO is also running (mysqlnd 7.4.28)

Thanks for any help anyone can offer.

posts: 2 Canada
Are there TikiWiki log files somewhere I can read that are more detailed about the database connection attempts?

