Connect to remote MariaDB using SSL or X509 certificate?

  • I have a separate database server and since I will be building a WooCommerce store, I’m required to setup a secure connection between the two servers (WordPress app & database).

    Does anyone know how I can setup WordPress to use my remote db server using X509 certificates?

    I have already created the server and client certificate. I’m able to connect to the database remotely using mysql -u USERNAME -h REMOTE_IP -p

    However, when I try to connect via WordPress after editing the wp-config.php file, I get failed to connect to database.

    I am using:

    define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL);

    Should I switch to MYSQLI_CLIENT_X509?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter wifiandbeer

    (@kingstonrx84)

    @iconithemes

    Unfortunately, that doesn’t work.

    I tested the WordPress DB user account via normal mysql connect command and I get no issue connecting.

    ie. mysql -u wordpress_user -h wordpress_hostname -pPASSWORD

    I also verified that the SSL certs wp-config.php is using is owned by www-data user (Apache on Debian 12).

    Having debug set to true doesn’t give me much to go off.

    Access denied for user?WORDPRESS_USER (using password: YES)

    Also, I looked in wp-includes for class-wpdb.php and I could not find any mention of DB_SSL or any of those options. It doesn’t appear WP is even reading them in unless it’s located elsewhere.

    • This reply was modified 3 months, 2 weeks ago by wifiandbeer.

    The above-mentioned constants do not actually exist in WordPress. I don’t know how that would work.

    WordPress uses this function here to establish a connection: https://github.com/WordPress/WordPress/blob/d09e94165eeac4589a61f9f88076b0eff54d7480/wp-includes/class-wpdb.php#L1985

    @mysqli_real_connect( $this->dbh, $host, $this->dbuser, $this->dbpassword, null, $port, $socket, $client_flags );

    The $client_flags is filled from the constant you are using, so it is actually correct. The reason why your connection fails could possibly be due to the port. If your MySQL server enables the SSL connection via a port other than 3306, then you would have to specify the other port in DB_HOST.

    If this does not work either, check what your database server requires for this and what PHP’s own function mysqli_real_connect() sets for this.

    Thread Starter wifiandbeer

    (@kingstonrx84)

    @threadi It uses the same port. I’ve already tested it with the local MySQL client on the server. SSL works fine.

    the WP core team need to update class-wpdb.php to support SSL.

    found this on the PHP website:

    https://www.php.net/manual/en/mysqli.ssl-set.php

    would have to modify the core file it seems.

    • This reply was modified 3 months, 1 week ago by wifiandbeer.

    Coincidentally, there was a commit to the core today: https://github.com/WordPress/wordpress-develop/pull/7177 – still seems a bit strange to me, but it is at least a way to make it possible in a future version.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.