Connnecting to MySQL using SSL

The latest version of our MySQL (Actual Open Source Databases) driver includes support for SSL connections.

Note: the certificate file must be located on the file system in a directory that is accessible by the application. For example, if the driver is being used by FileMaker Server, the certificate file might be placed in /Users/Shared. If the driver is used with Excel 2016 (a sandboxed application), the certificate should be placed in Documents/ODBC Documents/Excel underneath your home folder.

In order to take advantage of SSL, you will have to connect to a MySQL server that has been built with SSL support. Not all distributions available from www.mysql.com have SSL support by default. A MySQL server can be built with SSL support using these instructions:

http://dev.mysql.com/doc/mysql-security-excerpt/5.6/en/secure-connections.html

You can find instructions for creating and installing SSL certificates here:

http://dev.mysql.com/doc/mysql-security-excerpt/5.6/en/creating-ssl-files-using-openssl.html

In order for the driver to recognize your certificate, you will need to press the "Advanced Options" button on the DSN setup assistant and enter the appropriate paths to your certificate files.

To check whether a running MySQL server supports SSL, examine the value of the have_ssl system variable by executing the following query:

SHOW VARIABLES LIKE 'have_ssl';

... will have the following output:

| Variable_name | Value |
+---------------+-------+
| have_ssl | YES |
+---------------+-------+

If the value is YES, the server supports SSL connections. If the value is DISABLED, the server supports SSL connections but was not started with the appropriate --ssl-xxx options. If the value is empty, then the server does not support SSL.

To check whether your connection is using SSL, execute the following query:

SHOW STATUS LIKE 'Ssl_cipher'

... will have the following output:

| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher | DHE-RSA-AES256-SHA |
+---------------+--------------------+

If your connection is using SSL, the value will contain the SSL encryption method (i.e. "DHE-RSA-AES256-SHA"). If the value is empty, then your connection is not using SSL.

If you or your database administrator have any questions or concerns, please contact us at support@actualtech.com.