我有一个CakePHP3.8网站,已连接到RDS数据库。我正在尝试使用SSL数据库连接。
我从AWS获得了pem证书。我已经创建了一个可以访问我的数据库的测试用户,并且该用户设置为需要SSL。
我可以通过命令行与用户成功连接到数据库:mysql -u ssl-user -p -h xxxxx.xxxxx.ap-southeast-2.rds.amazonaws.com --ssl-ca=./rds-ca-2019-root.pem
我已经在CakePHP中建立数据库连接,如下所示:
'Datasources' => [
'default' => [
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'host' => 'xxxxx.xxxxx.ap-southeast-2.rds.amazonaws.com',
'username' => 'sl-user',
'password' => 'xxxxxxx',
'database' => 'xxxxxxx',
'ssl_ca' => '/var/www/rds-ca-2019-root.pem',
'encoding' => 'utf8',
'timezone' => 'UTC',
'flags' => [],
'cacheMetadata' => true,
'log' => false,
'quoteIdentifiers' => true,
'url' => env('DATABASE_URL', null),
],
],
通过以上设置,我连接失败,出现以下错误:
Error: [PDOException] SQLSTATE[HY000] [2002]
Caused by: [PDOException] PDO::_construct(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_sertificate:certificate verify failed (/var/www/vendor/cakephp/cakephp/src/Database/Driver.php:92)
关于CakePHP无法连接的任何想法?
实际意识到RDS服务器正在运行MariaDB10.3.x。 AWS提供了针对MariaDB的特定文档:https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.SSLSupport
对我来说,解决方案是使用组合证书:https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem