Proxysql SSL ca cert RDS

star2star_lewis · January 6, 2021, 6:51pm

How to connect to RDS with ssl in AWS from Proxysql?
Only have the CA-cert root certificate from aws to connect to RDS.
I can connect directly from the server that has proxysql installed.
mysql -udlewis -p -h rds.instance.rds.amazonaws.com -P3306 --ssl-ca /etc/ssl/certs/rds-ca-2019-root.pem
I can not connect with ssl from proxysql
mysql -udlewis -p -h 127.0.0.1 -P3306 --ssl-ca /home/dlewis/rds-ca-2019-root.pem
or
mysql -udlewis -p -h 127.0.0.1 -P3306

Ivan_Groenewold · January 7, 2021, 11:17am

Hi, there seems to be a few configs missing. Please check SSL Encryption at ProxySQL Part 1 - ProxySQL
for instructions

star2star_lewis · February 12, 2021, 3:53pm

Can I get a hint at what was missed?

Ivan_Groenewold · February 15, 2021, 11:50am

Hi, front end encryption is different from backend encryption in ProxySQL. The client to proxysql connections (frontend) should use the key/cert generated by proxysql, not the RDS pem file.
The RDS cert is only used to encrypt backed (proxysql to rds) connections.

See SSL Support · sysown/proxysql Wiki · GitHub

bpanigrahi · February 15, 2021, 9:54pm

It’s always better to use different key/cert for the frontend and backend connection’s.
The main challenge is resolving incases where you setup using a public certificate (CA).

Topic		Replies	Views
Proxsql Front-end connection ProxySQL	6	1412	August 4, 2022
Proxysql uses default cipher on updating ssl_p2s_cipher to ECDHE-ECDSA-AES256-GCM-SHA384 Polyglot Projects	1	1089	September 5, 2022
Proxysql startup failed due to issues in reading password protected SSL certificate ProxySQL	1	1127	March 26, 2021
SSL enabled Proxysql - How to configure proxysql to allow only encrypted front-end connections? Polyglot Projects	3	560	November 30, 2023
SSL on Percona Mysql Other MySQL® Questions	3	1078	November 23, 2015

Proxysql SSL ca cert RDS

Related topics