Tags:
create new tag
view all tags

SID-02503: Installation on AWS Lightsail - SSL on Mysql

Status: Answered Answered TWiki version: 6.1.0 Perl version:
Category: CategorySecurity Server OS: AWS Lightsail Linux 2 Last update: 2 years ago

Hello. This is my first installation of tiki. Tiki version 25.0 (InnoDB)

The environment is: - AWS Lightsail instance (I followed the instructions and I created two separate instances for the MySql). Tiki is running on Linux 2.

The installation is successful and I have only the SSL issue pending. I am not using a domain but I access tiki through a static IP.

I cannot find out how to enable SSL connection to the MySQL database. When I check via tiki-admin.php?page=security I see an error message saying:

" MySQL SSL connection MySQL connection is not encrypted To activate SSL, copy the keyfiles (.pem) to db/cert folder and enable "Use SSL connection". The filenames must end with "-key.pem", "-cert.pem", "-ca.pem" in cases the set of keys has 3 files and when using a single key it must end with "-ca.cert". "

I did the following: I downloaded a AWS certificate and put it in the right folder: rds-ca-2019-root.pem and I then I tried to adjust the settings in the file /etc/my.cnf

[mysqld] ssl ssl-ca=/var/www/html/tiki/db/cert/rds-ca-2019-root.pem

[client] ssl-mode=REQUIRED

I am at loss at how are these SSL connection to be encrypted.

The certificate is valid because I can connect to the DB instance using the certificate via mysql command in the ssh.

I also tried to apply the certificate with the command 'aws lightsail':

"aws lightsail update-relational-database --relational-database-name [DBNAME] --ca-certificate-identifier /var/www/html/tiki/db/cert/rds-ca-2019-root.pem --no-apply-immediately --region eu-west-2" this does not work because of permissions.

What am I doing wrong? What do I still need to do to enable the SSL Certificate.

I also tried to use openssl but the certificate generated these way are not accepted by AWS.

I would appreciate your help. Kind regards Amelia

-- TWiki Guest - 2023-01-29

Discussion and Answer

You are on the wrong site. This is TWiki, not Tiki.

-- Peter Thoeny - 2023-01-31

      Change status to:
ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.
SupportForm
Status Answered
Title Installation on AWS Lightsail - SSL on Mysql
SupportCategory CategorySecurity
TWiki version 6.1.0
Server OS AWS Lightsail Linux 2
Web server httpd
Perl version

Browser & version

Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2023-01-31 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.