Y
Y
Yuri2017-03-17 11:50:19
PHP
Yuri, 2017-03-17 11:50:19

What could be the problem when connecting via PDO with SSL, with SQLSTATE[HY000] [2002] error?

Good time of the year!
When trying to connect to a remote server via PDO with SSL like this

try{
        $db = new PDO("mysql:host=db.server.ru;dbname=testbase",
                      'ssluser',
                      'pass',
                      [
                          PDO::MYSQL_ATTR_SSL_KEY  => VARS . '/certs/client-key.pem',
                          PDO::MYSQL_ATTR_SSL_CERT => VARS . '/certs/client-cert.pem',
                          PDO::MYSQL_ATTR_SSL_CA   => VARS . '/certs/ca.pem'
                      ]
        );
} catch(PDOException $ex){
    var_dump($ex->getMessage());
    echo "\r\n";
}

I get SQLSTATE[HY000] [2002] error with no other text. Most likely there Connection refused.
On the server is mariadb.
Generated certificates like this . Common names are different for certificates.
When executed on the server where the script is running with an error, the commands in the console
mysql -h db.server.ru -ussluser -p --ssl-ca=/var/www/.../var/certs/ca.pem --ssl-cert=/var/www/.../var/certs/client-cert.pem --ssl-key=/var/www/.../var/certs/client-key.pem

connection is normal, no errors.
The directory with certificates looks like this
drwxrwxrwx  2 apache apache 4096 Mar 15 13:40 .
drwxrwxrwx 11 root   root   4096 Mar 15 13:40 ..
-rwxrwxrwx  1 apache apache 1679 Mar 16 18:14 ca-key.pem
-rwxrwxrwx  1 apache apache 1285 Mar 16 18:14 ca.pem
-rwxrwxrwx  1 apache apache 1155 Mar 16 18:14 client-cert.pem
-rwxrwxrwx  1 apache apache 1675 Mar 16 18:14 client-key.pem
-rwxrwxrwx  1 apache apache  985 Mar 16 18:14 client-req.pem
-rwxrwxrwx  1 apache apache 1155 Mar 16 18:14 server-cert.pem
-rwxrwxrwx  1 apache apache 1679 Mar 16 18:14 server-key.pem
-rwxrwxrwx  1 apache apache  985 Mar 16 18:14 server-req.pem

Muscle logs on this connection show nothing. The logs are: log_error and general_log_file.
Centos system. There is nothing in the messages and secure logs about this either.

Answer the question

In order to leave comments, you need to log in

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question