我无法使我的AWS EC2实例通过SSL连接到我的RDS MySQL数据库。
[AWS EC2 Linux 2,Apache 2.4.39,PHP 7.3.10,MySQL 5.7.26。为了使驻留在EC2中的应用程序在传输过程中具有安全连接,它必须使用SSL / TLS。我的理解是,鉴于我的PHP / MySQL应用程序,我需要执行以下代码。为了不影响我的数据库,我建立了一个测试数据库。使用自己的密码将新用户称为新用户。我从https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem中获得了捆绑的PEM文件rds-combined-ca-bundle.pem,并将其放置在该AWS页面指示的EC2服务器上的浏览器可访问目录中。
任何想法为何在输出中“无法设置私钥文件`rds-combined-ca-bundle.pem”?
**In AWS-test-ssl-script.php** ..
20 define ('MYSQLI', 'AWS-test-connect.php');
**In 'AWS-test-connect.php'** ..
12 $dbc=mysqli_init();
13 mysqli_ssl_set($dbc, NULL, "/dir/rds-combined-ca-bundle.pem", NULL, NULL, NULL);
14 mysqli_real_connect($dbc,"DB_server","new-user","password");
16 $res = mysqli_query($dbc, 'SHOW STATUS like "Ssl_cipher"');
17 print_r(mysqli_fetch_row($res));
18 mysqli_close($dbc);
**In AWS-test-ssl-script.php** ..
35 require(MYSQLI);
44 $sel = "CREATE USER IF NOT EXISTS 'new-user'@'%' IDENTIFIED BY 'password' REQUIRE SSL";
45 $sel_qry = mysqli_query($dbc, $sel);
46 mysqli_close($sel_qry);
48 $grant = "GRANT SELECT, INSERT, UPDATE, DELETE
49 ON testdb
50 TO new-user@%";
51 $grant_qry = mysqli_query($dbc, $grant);
52 mysqli_close($grant_qry);```
Output ..
Warning: mysqli_real_connect(): Unable to set private key file `rds-combined-ca-bundle.pem' in AWS-test-connect.php on line 14
Warning: mysqli_real_connect(): Cannot connect to MySQL by using SSL in AWS-test-connect.php on line 14
plus other warnings.
这是一个SSL错误,找不到be SSL密钥。
在第13行的此语句中引用了该键:
mysqli_ssl_set($dbc, NULL, "/dir/rds-combined-ca-bundle.pem", NULL, NULL, NULL);
这表明密钥文件不存在或具有不正确的权限。您可以确认该目录中可以访问该文件吗?
您也可以关闭SSL,如果它不是很重要,请查看它是否有效。