Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Mugluck's avatar

How do I connect to a MySQL database over SSL with Laravel 5.3

I've been searching all over the internet and haven't had any success.

eg: https://laravel.io/forum/06-18-2014-connecting-mysql-over-ssl?page=1 https://laracasts.com/discuss/channels/lumen/connecting-to-mysql-via-ssl-from-lumen

I'm trying to connect to an azure mysql database over ssl from my laravel application.

I've confirmed I can connect to the database if I turn ssl off. So the settings are correct. What trips me up, and what I can find no documentation on is how to connect via ssl. I've got a sslkey - which I've confirmed can be used to to connect to the database with one of my database management programs - so the pieces are there.

Laravel, however, seems to be failing.

Here's my database driver:


    'mysql' => [
                'driver' => 'mysql',
                'host' => env('DB_HOST', 'localhost'),
                'port' => env('DB_PORT', '3306'),
                'database' => env('DB_DATABASE', 'forge'),
                'username' => env('DB_USERNAME', 'forge'),
                'password' => env('DB_PASSWORD', ''),
                'charset' => 'utf8',
                'collation' => 'utf8_unicode_ci',
                'prefix' => '',
                'strict' => false,
                'engine' => null,
                'sslmode' => env('DB_SSLMODE', 'prefer'),
                'options'   => array(
                                PDO::MYSQL_ATTR_SSL_KEY    => '\ssl\DatabaseCACert.pem'),
            ],

What am I missing? The database is just refusing the connection at the moment. SQLSTATE[HY000] [2002] So it's close.

0 likes
9 replies
alexejenko's avatar

According to http://php.net/manual/de/ref.pdo-mysql.php#103501 you are missing 2 options for the ssl connection. You need the SSL Key, Cert and CA Cert.

 'mysql' => [
    .............
    'options'   => array(
        PDO::MYSQL_ATTR_SSL_KEY => '/path/to/client-key.pem',
        PDO::MYSQL_ATTR_SSL_CERT => '/path/to/client-cert.pem',
        PDO::MYSQL_ATTR_SSL_CA => '/path/to/ca-cert.pem',
        ),
    ],
2 likes
beetuco's avatar

What sslmode are you using?

From https://docs.microsoft.com/en-us/azure/mysql/howto-configure-ssl

Currently, there is a known issue if you use "--ssl-mode=VERIFY_IDENTITY" option in your mysql.exe connection to the service, the connection will fail with the following error: ERROR 2026 (HY000): SSL connection error: SSL certificate validation failure Please downgrade to "--ssl-mode=VERIFY_CA" or lesser SSL modes

Can you connect using MySQL workbench with ssl?

Mugluck's avatar

@alexejenko - Microsoft documentation only suggests using the one ssl file, and I have no idea how to configure the rest, or how to install them on the server. This is a first for me.

@beetuco - no clue. There's no way to check in azure, sslmode isn't an option in the server parameters.

Yes, I can connect via mysql workbench with ssl. No problems there.

Mugluck's avatar
Mugluck
OP
9 years ago
Best Answer
Level 3

Ok. Solved the issue. Hopped on the phone with microsoft and noticed one of the log errors was:


PDO::__construct(): Peer certificate CN=`resourceregion-a.control.database.windows.net' did not match expected CN=`db.mysql.database.azure.com'

And that line in the documentation that @alexejenko points out, the bit after that:

" If you require to use "--ssl-mode=VERIFY_IDENTITY", then you can ping your server name to resolve the regional server name, such as westeurope1-a.control.database.windows.net, and use that regional server name in the connection until this issue is resolved. We plan to remove this limitation in the future."

Turns out this is what was happening. The database connection was routing to the regional database, not mine. So yay for not quite finished products.

Once I changed my DB_HOST to that region it successfully connected (note: make sure you've whitelisted your ips).

So yeah... bit of a weird one.

webservices-ca@outloook.com's avatar

Old post but I used this article

https://docs.microsoft.com/en-us/azure/mysql/howto-configure-ssl

Then

Download the certificate needed to communicate over SSL with your Azure Database for MySQL server from https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt.pem and save the certificate file to your local drive

And I updated my `config/database.php' file

        'mysql' => [
            'driver' => 'mysql',
            'host' => env('DB_HOST', '127.0.0.1'),
            'port' => env('DB_PORT', '3306'),
            'database' => env('DB_DATABASE', 'forge'),
            'username' => env('DB_USERNAME', 'forge'),
            'password' => env('DB_PASSWORD', ''),
            'unix_socket' => env('DB_SOCKET', ''),
            'charset' => 'utf8mb4',
            'collation' => 'utf8mb4_unicode_ci',
            'prefix' => '',
            'strict' => true,
            'engine' => null,
            'options'   => array(
                PDO::MYSQL_ATTR_SSL_KEY    => '/etc/ssl/BaltimoreCyberTrustRoot.crt.pem'),
        ],

Afterwards I simply refreshed my page with no service restart (LAMP stack)

4 likes
thepanda's avatar

@webservices[email protected] Thank you so much for your answer, I had the same issue SQLSTATE[HY000] [2002] (trying to connect via (null)) but after viewing your configuration I saw that I was passing the certificate to PDO::MYSQL_ATTR_SSL_CA instead of PDO::MYSQL_ATTR_SSL_KEY. I'm so glad that I found your answer after roaming around the internet for an entire week.

1 like
irvv17's avatar

Yeah the problem here is the SSL certificate, you need to pass it to laravel...

with the same PDO::MYSQL_ATTR_SSL_CA configuration you can set up ScaleGrid too..

Please or to participate in this conversation.