Understanding the changes in the Root CA change for Azure Database for MySQL single server (SSL)

https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-certificate-rotation#create-a-combined-ca-certificate

They changed supplier

Download new cert from link and edit in your connection string

Connect with HeidiSQL and check version

SELECT * FROM performance_schema.session_status 
WHERE VARIABLE_NAME IN ('Ssl_version','Ssl_cipher');

That is if ssl in enforced in mysql for single server and version is selected, i.e 1.2 in Azure.

Note

This article applies to Azure Database for MySQL – Single Server ONLY. For Azure Database for MySQL – Flexible Server, the certificate needed to communicate over SSL is DigiCert Global Root CA

Select all users and connections to mysql

SELECT DB,USER,HOST,STATE FROM INFORMATION_SCHEMA.PROCESSLIST ORDER BY DB DESC;

How can I verify I’m using SSL to connect to mysql?

(From the client, just run status. If this connection is using SSL, you’ll get something interesting in the SSL row.)

https://dba.stackexchange.com/questions/36776/how-can-i-verify-im-using-ssl-to-connect-to-mysql#:~:text=OFFICIAL%20SOLUTION%20ACCORDING%20TO%20MYSQL,then%20the%20connection%20is%20encrypted.

MySQL encryption configuration (in Zabbix)

https://www.zabbix.com/documentation/current/en/manual/appendix/install/db_encrypt/mysql

Microsoft

Encrypted connectivity using TLS/SSL in Azure Database for MySQL – Flexible Server | Microsoft Learn

Verify the TLS/SSL connection

mysql> status

How to identify the TLS protocols configured on your server ?

mysql> SHOW GLOBAL VARIABLES LIKE 'tls_version';

How to find which TLS protocol are being used by my clients to connect to the server?

SELECT sbt.variable_value AS tls_version,  t2.variable_value AS cipher,
processlist_user AS user, processlist_host AS host
FROM performance_schema.status_by_thread  AS sbt
JOIN performance_schema.threads AS t ON t.thread_id = sbt.thread_id
JOIN performance_schema.status_by_thread AS t2 ON t2.thread_id = t.thread_id
WHERE sbt.variable_name = 'Ssl_version' and t2.variable_name = 'Ssl_cipher' ORDER BY tls_version;
Scroll to Top