MySQL Connector/NET Developer Guide
The direct use of PEM format certificates was introduced to simplify certificate management in multiplatform environments that include similar MySQL products. In previous versions of Connector/NET, your only choice was to use platform-dependent PFX format certificates.
For this example, use the test client certificates from the MySQL
server repository
(
).
In your application, add a connection string using the
server-repository-root
/mysql-test/std_datatest
database and the
sslclient
user account (created previously).
For example:
Set the SslMode
connection option to the
level of security needed. PEM certificates are only validated
for VerifyCA
and
VerifyFull
SSL mode values. All other mode
values ignore certificates even if they are provided.
using (MySqlConnection connection = new MySqlConnection( "database=test;user=sslclient;" + "SslMode=VerifyFull"
Add the appropriate SSL certificates. Because this tutorial
sets the SslMode
option to
VerifyFull
, you must also provide values
for the SslCa
, SslCert
,
and SslKey
connection options. Each option
must point to a file with the .pem
file
extension.
"SslCa=ca.pem;" + "SslCert=client-cert.pem;" + "SslKey=client-key.pem;"))
Alternatively, if you set the SSL mode to
VerifyCA
, only the SslCa
connection option is required.
Open a connection. The following example opens a connection using the classic MySQL protocol, but you can perform a similar test using X Protocol.
using (MySqlConnection connection = new MySqlConnection( "database=test;user=sslclient;" + "SslMode=VerifyFull" + "SslCa=ca.pem;" + "SslCert=client-cert.pem;" + "SslKey=client-key.pem;")) { connection.Open(); }
Errors found when processing the PEM certificates will result in an exception being thrown. For additional information, see Command Options for Encrypted Connections.