CodeIgniter Forums
mysqli with SSL via .env file settings - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30)
+--- Thread: mysqli with SSL via .env file settings (/showthread.php?tid=78495)



mysqli with SSL via .env file settings - evansharp - 01-28-2021

Hello,

After reading the relevant docs, I am still having difficulty getting CI to connect to my mysql database with SSL enabled. Does this have to do with my .env formatting?
Code:
#--------------------------------------------------------------------
# DATABASE
#--------------------------------------------------------------------

database.default.hostname = localhost <socket connection and loopback both work in shell, I've tried both here>
database.default.database = <dbname>
database.default.username = <uname, verified by shell login>
database.default.password = <password, verified by shell login>
database.default.DBDriver = MySQLi

database.default.encrypt.ssl_key = '<absolute system path>/client-key.pem'
database.default.encrypt.ssl_cert = '<absolute system path>/client-cert.pem'
database.default.encrypt.ssl_ca = '<absolute system path>/ca-cert.pem'
database.default.encrypt.ssl_verify = FALSE

I've set ownership on the cert files to myuser:apacheuser and the permissions to 440. These are the same cert files I have downloaded and used successfully connecting to this server with Sequel Pro.

What am I missing?
Thanks!
Evan


RE: mysqli with SSL via .env file settings - evansharp - 01-29-2021

I got it. Posting for others:

1) Paths to cert files in `.env` do not need quotes! They're not parsed correctly with quotes, removing them allowed the values to be stored.
2) Increasing my logging threshold to '8' in /App/Config/Logger.php revealed that the mysqli driver was not loading. This led me to discover that when I bumped to php7.4 on this box, php7.4-mysql hadn't been configured correctly. A quick `dpkg -configure` sorted it out.