ClearDB Logo
Home » Developers » Connecting to ClearDB via SSL

Overview

By default, all connections between ClearDB systems are secured via SSL to ensure data security. However, due to the variety of client libraries and connection options available for MySQL, we cannot enforce client SSL security. As such, we've put together a guide that can help you connect to ClearDB using SSL security, thus ensuring a 100% SSL Everywhere environment for your database.

Preparing for SSL connectivity

ClearDB offers our users the ability to connect via SSL using certificates and keys. We encourage all of our users to utilize these certificates to secure their connections to ClearDB. You can get each of these certificates by signing into your ClearDB account, or if you're coming from one of our partners, you can access these certificates by going to your ClearDB dashboard.

Note: do not share these certificates with anyone that you don't want to have access to your database. Each certificate is only available and visible to your account.

Download the correct certificate(s) for use in your applications.

Connecting via SSL to ClearDB using PHP

In order to connect via SSL using PHP, you'll need to use the "MySQLi" extension, like this:

    $db = mysqli_init();
    $db->ssl_set(PATH_TO_SSL_CLIENT_KEY_FILE, PATH_TO_SSL_CLIENT_CERT_FILE, PATH_TO_CA_CERT_FILE, null, null);
    $db->real_connect(HOSTNAME, USERNAME, PASSWORD, DATABASE_NAME);

For more information about using PHP's MySQLi extension to create SSL encrypted connections to MySQL, see the official PHP documentation.

Connecting via SSL to ClearDB using Rails on Heroku

Using our SSL certificates on Heroku can be implemented using the following steps:

  1. Download the CA, Client, and Private Key files from your ClearDB dashboard and place them in the root of the application's filesystem.
  2. Make sure you have have OpenSSL installed, which you can find here for Unix/Linux/OS X and here for Windows.
  3. Due to the MySQL client library configuration used on Heroku, you will need to strip the password from the private key file, which can be done like this:
        $ openssl rsa -in cleardb_id-key.pem -out cleardb_id-key-no-password.pem
    

    You can now delete the cleardb_id-key.pem and rename cleardb_id-key-no-password.pem to cleardb_id-key.pem, which you will use with your app.

  4. Set the DATABASE_URL config variable with the value of your modified CLEARDB_DATABASE_URL, like this:
        $ heroku config:add DATABASE_URL="mysql2://abc1223:dfk243@us-cdbr-east.cleardb.com/my_heroku_db?
        sslca=cleardb-ca-cert.pem&sslcert=cleardb_id-cert.pem&sslkey=cleardb_id-key.pem&reconnect=true"
    

Hint: notice how we added the "reconnect=true" parameters to the end of the URL? This is so that your application will automatically reconnect to ClearDB in the event of a connection timeout.

From here, simply restart your application (if Heroku didn't already do that for you) and as long as you specified the correct file names and paths to the certificates in your DATABASE_URL, your app will now connect via SSL to ClearDB.

Connecting via SSL to ClearDB using Java

Connecting via SSL to ClearDB using Java involves setting up JSSE support. This information can be found by going to MySQL's Java Connector SSL page.

Connecting via SSL to ClearDB using Python/Django

Connecting via Python/Django should be easily performed by simply passing the SSL information as follows:

    DATABASES['default'] = {
        'ENGINE': 'django.db.backends.mysql',
        'HOST': 'my-host-goes-here',
        'USER': 'my-user-goes-here',
        'NAME': 'my-db-name-goes-here',
        'PASSWORD': 'my-db-pass-goes-here',
        'OPTIONS': {'ssl': {'ca':'/path/to/cert.pem', 'cert':'/path/to/cert.pem', 'key':'/path/to/key.pem'},},
    }

You can also find out how to connect via SSL to ClearDB by checking out the MySQLdb driver documentation.