Skip to content

Understanding the changes in the Root CA change for Azure Database for MySQL single server (SSL)

Last updated on June 8, 2023

They changed supplier

Download new cert from link and edit in your connection string

Connect with HeidiSQL and check version

SELECT * FROM performance_schema.session_status 
WHERE VARIABLE_NAME IN ('Ssl_version','Ssl_cipher');

That is if ssl in enforced in mysql for single server and version is selected, i.e 1.2 in Azure.


This article applies to Azure Database for MySQL – Single Server ONLY. For Azure Database for MySQL – Flexible Server, the certificate needed to communicate over SSL is DigiCert Global Root CA

Select all users and connections to mysql


How can I verify I’m using SSL to connect to mysql?

(From the client, just run status. If this connection is using SSL, you’ll get something interesting in the SSL row.),then%20the%20connection%20is%20encrypted.

MySQL encryption configuration (in Zabbix)


Encrypted connectivity using TLS/SSL in Azure Database for MySQL – Flexible Server | Microsoft Learn

Verify the TLS/SSL connection

mysql> status

How to identify the TLS protocols configured on your server ?

mysql> SHOW GLOBAL VARIABLES LIKE 'tls_version';

How to find which TLS protocol are being used by my clients to connect to the server?

SELECT sbt.variable_value AS tls_version,  t2.variable_value AS cipher,
processlist_user AS user, processlist_host AS host
FROM performance_schema.status_by_thread  AS sbt
JOIN performance_schema.threads AS t ON t.thread_id = sbt.thread_id
JOIN performance_schema.status_by_thread AS t2 ON t2.thread_id = t.thread_id
WHERE sbt.variable_name = 'Ssl_version' and t2.variable_name = 'Ssl_cipher' ORDER BY tls_version;
Published inmysql